Chg: update image tag in helm values to v2.4.1

Signed-off-by: Dmitry Dunaev <dmitry@opsfleet.com>

.github/git-release-tool/repositories.yaml

@@ -0,0 +1,14 @@
+deploy_repo_url: https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+repositories:
+  - name: owgw
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git
+    docker_compose_name: OWGW_TAG
+  - name: owsec
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git
+    docker_compose_name: OWSEC_TAG
+  - name: owfms
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralfms.git
+    docker_compose_name: OWFMS_TAG
+  - name: owgw-ui
+    url: https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui.git
+    docker_compose_name: OWGWUI_TAG

.github/workflows/clustersysteminfo_image_ci.yml

@@ -0,0 +1,67 @@
+name: Build cluster systeminfo checker image
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  # TODO delete after tests
+  pull_request:
+    branches:
+      - main
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  docker:
+    runs-on: ubuntu-20.04
+    env:
+      DOCKER_REGISTRY_URL: tip-tip-wlan-cloud-ucentral.jfrog.io
+      DOCKER_REGISTRY_USERNAME: ucentral
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build Docker image
+      working-directory: chart/docker
+      run: docker build -t wlan-cloud-clustersysteminfo:${{ github.sha }} .
+
+    - name: Tag Docker image
+      run: |
+        TAGS="${{ github.sha }}"
+
+        if [[ ${GITHUB_REF} == "refs/heads/"* ]]
+        then
+          CURRENT_TAG=$(echo ${GITHUB_REF#refs/heads/} | tr '/' '-')
+          TAGS="$TAGS $CURRENT_TAG"
+        else
+          if [[ ${GITHUB_REF} == "refs/tags/"* ]]
+          then
+            CURRENT_TAG=$(echo ${GITHUB_REF#refs/tags/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          else # PR build
+            CURRENT_TAG=$(echo ${GITHUB_HEAD_REF#refs/heads/} | tr '/' '-')
+            TAGS="$TAGS $CURRENT_TAG"
+          fi
+        fi
+
+        echo "Result tags: $TAGS"
+
+        for tag in $TAGS; do
+          docker tag wlan-cloud-clustersysteminfo:${{ github.sha }} ${{ env.DOCKER_REGISTRY_URL }}/clustersysteminfo:$tag
+        done
+
+    - name: Log into Docker registry
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      uses: docker/login-action@v1
+      with:
+        registry: ${{ env.DOCKER_REGISTRY_URL }}
+        username: ${{ env.DOCKER_REGISTRY_USERNAME }}
+        password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+    - name: Push Docker images
+      if: startsWith(github.ref, 'refs/tags/') || startsWith(github.ref, 'refs/pull/') || github.ref == 'refs/heads/main'
+      run: |
+        docker images | grep ${{ env.DOCKER_REGISTRY_URL }}/clustersysteminfo | awk -F ' ' '{print $1":"$2}' | xargs -I {} docker push {}

.github/workflows/release.yml

@@ -33,11 +33,11 @@ jobs:
             exit 1
           fi
 
-          if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
-            echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
-            cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
-            exit 1
-          fi
+          #if [ "$(cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)' | wc -l)" != "0" ]; then
+          #  echo "Some of the dependencies does not have a fixed version set. List of affected dependencies:";
+          #  cat Chart.yaml | yq '.dependencies[].repository' -r | grep -E 'ref=(main|master)';
+          #  exit 1
+          #fi
 
       - name: Build package
         working-directory: wlan-cloud-ucentral-deploy/chart

.gitignore

@@ -1,3 +1,5 @@
 *.swp
 chart/charts/*
 /docker-compose/certs/
+/docker-compose/*_data
+/docker-compose/owls/*_data

README.md

@@ -15,6 +15,6 @@ This is a short version of [uCentral branching model](https://telecominfraprojec
 
 1. Create release branch with next Chart version (check Git tags for the latest version - for example if latest tag was `v0.1.0`, create release branch `release/v0.1.1`), set required microservices tags in refs in Chart.yaml (for example, if we want to have this version to be tied to ucentralgw release version `v2.0.0`, we should set it’s repository to `"git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.0.0"`).
 2. Increase Helm version in [Chart.yaml](./chart/Chart.yaml) to the same version as Git tag (for example if the latest git tag is `v0.1.0`, set version `0.1.1` (**without v in it**) in Chart.yaml).
-3. Also increase the microservice image tags used by the Docker Compose deployments according to the release in the 'Image tags' section of the `docker-compose/.env.selfsigned` and `docker-compose/.env.letsencrypt` files.
+3. Also increase the microservice image tags used by the Docker Compose deployments according to the release in the 'Image tags' section of the `docker-compose/.env`, `docker-compose/.env.selfsigned` and `docker-compose/.env.letsencrypt` files.
 4. Create new git tag from release branch. The Git tag should have the same name as the intended release version. Once the tag is pushed to the repo, Github will trigger a build process that will create an assembly Helm chart bundle with all version fixed to the release equal to the Git tag name and will publish it to the public Artifactory and as GitHub release asset.
 5. Release to the QA namespace using the packaged Helm assembly chart to verify there are no issues related to the deployment.

chart/Chart.lock

@@ -1,15 +1,21 @@
 dependencies:
 - name: owgw
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.2.0-RC1
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.0
   version: 0.1.0
 - name: owsec
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.2.0-RC1
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.0
   version: 0.1.0
 - name: owfms
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.2.0-RC1
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.0
+  version: 0.1.0
+- name: owprov
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main
   version: 0.1.0
 - name: owgwui
-  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.2.0-RC1
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0
+  version: 0.1.0
+- name: owprovui
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main
   version: 0.1.0
 - name: rttys
   repository: git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0
@@ -17,5 +23,11 @@ dependencies:
 - name: kafka
   repository: https://charts.bitnami.com/bitnami
   version: 13.0.2
-digest: sha256:a19a0fa348103400875a95769469f595ee0cd9121ddba2750158afde282d9af5
-generated: "2021-10-01T14:54:00.222699952+03:00"
+- name: owls
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main
+  version: 0.1.0
+- name: owlsui
+  repository: git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master
+  version: 0.1.0
+digest: sha256:3a71cf3bac846757ed3c60cce296c73c7ecdb31bef474126d4205053019f842e
+generated: "2021-12-17T05:46:32.701924621+03:00"

chart/Chart.yaml

@@ -2,25 +2,41 @@ apiVersion: v2
 name: openwifi
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
-version: 2.2.0-RC1
+version: 2.4.1
 dependencies:
 - name: owgw
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.2.0-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw@helm?ref=v2.4.1"
   version: 0.1.0
 - name: owsec
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.2.0-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralsec@helm?ref=v2.4.1"
   version: 0.1.0
 - name: owfms
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.2.0-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralfms@helm?ref=v2.4.1"
+  version: 0.1.0
+- name: owprov
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov@helm?ref=main"
   version: 0.1.0
 - name: owgwui
-  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.2.0-RC1"
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui@helm?ref=v2.4.0"
+  version: 0.1.0
+- name: owprovui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owprov-ui@helm?ref=main"
   version: 0.1.0
 - name: rttys
   repository: "git+https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty@chart?ref=v0.1.0"
   version: 0.1.0
-  condition: rttys.enabled
 - name: kafka
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
   version: 13.0.2
-  condition: kafka.enabled
+- name: owls
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls@helm?ref=main"
+  version: 0.1.0
+  condition: owls.enabled
+- name: owlsui
+  repository: "git+https://github.com/Telecominfraproject/wlan-cloud-owls-ui@helm?ref=master"
+  version: 0.1.0
+  condition: owlsui.enabled
+- name: haproxy
+  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+  version: 0.2.21
+  condition: haproxy.enabled

chart/README.md

@@ -10,6 +10,8 @@ This Helm chart helps to deploy OpenWIFI Cloud SDK with all required dependencie
 $ helm install .
 ```
 
+Then change the default password as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password).
+
 ## Introduction
 
 This chart bootstraps the OpenWIFI Cloud SDK on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
@@ -34,6 +36,10 @@ If you need to update your release, it could be required to update your helm cha
 helm dependency update
 ```
 
+#### Required password changing on the first startup
+
+One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
+
 ## Uninstalling the Chart
 
 To uninstall/delete the `my-release` deployment:

chart/docker/Dockerfile

@@ -0,0 +1,46 @@
+FROM alpine:latest AS base
+
+RUN apk add curl git jq bash
+
+WORKDIR /cli
+
+# OWGW
+ARG OWGW_VERSION=master
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralgw.git owgw \
+  && cd owgw \
+  && git checkout $OWGW_VERSION \
+  && cd /cli \
+  && cp owgw/test_scripts/curl/cli owgw_cli \
+  && rm -rf owgw
+
+# OWSEC
+ARG OWSEC_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralsec.git owsec \
+  && cd owsec \
+  && git checkout $OWSEC_VERSION \
+  && cd /cli \
+  && cp owsec/test_scripts/curl/cli owsec_cli \
+  && rm -rf owsec
+
+# OWFMS
+ARG OWFMS_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-ucentralfms.git owfms \
+  && cd owfms \
+  && git checkout $OWFMS_VERSION \
+  && cd /cli \
+  && cp owfms/test_scripts/curl/cli owfms_cli \
+  && rm -rf owfms
+
+# OWPROV
+ARG OWPROV_VERSION=main
+RUN git clone https://github.com/Telecominfraproject/wlan-cloud-owprov.git owprov \
+  && cd owprov \
+  && git checkout $OWPROV_VERSION \
+  && cd /cli \
+  && cp owprov/test_scripts/curl/cli owprov_cli \
+  && rm -rf owprov
+
+COPY clustersysteminfo clustersysteminfo
+COPY change_credentials change_credentials
+
+ENTRYPOINT ["/cli/clustersysteminfo"]

chart/docker/change_credentials

@@ -0,0 +1,68 @@
+#!/bin/bash
+# Constants
+export DEFAULT_CHECK_RETRIES=10
+
+# Usage function
+usage () {
+  echo;
+  echo "- OWSEC - owsec endpoint to make requests to (i.e. openwifi.wlan.local:16001)";
+  echo "- OWSEC_DEFAULT_USERNAME - default owsec username from properties";
+  echo "- OWSEC_DEFAULT_PASSWORD - default owsec password (in cleartext) from properties";
+  echo "- OWSEC_NEW_PASSWORD - new owsec password (in cleartext) that should be set for login";
+}
+
+# Check if required environment variables were passed
+## Login specifics
+[ -z ${OWSEC+x} ] && echo "OWSEC is unset" && usage && exit 1
+[ -z ${OWSEC_DEFAULT_USERNAME+x} ] && echo "OWSEC_DEFAULT_USERNAME is unset" && usage && exit 1
+[ -z ${OWSEC_DEFAULT_PASSWORD+x} ] && echo "OWSEC_DEFAULT_PASSWORD is unset" && usage && exit 1
+[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
+
+# Check credentials
+export result_file=result.json
+
+# Try logging in with default credentials
+payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\" }"
+curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+    -H "Content-Type: application/json" \
+    -d "$payload" > ${result_file}
+errorCode=$(cat ${result_file} | jq -r '.ErrorCode')
+# If ErrorCode == 1, we must change password
+if [[ "${errorCode}" == "1" ]]
+then
+    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_DEFAULT_PASSWORD}\", \"newPassword\" : \"${OWSEC_NEW_PASSWORD}\" }"
+    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+        -H "Content-Type: application/json" \
+        -d "$payload" > ${result_file}
+    # Check if password was changed correctly
+    token=$(cat ${result_file} | jq -r '.access_token')
+    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
+    then
+        echo "Could not change credentials:"
+        jq < ${result_file}
+        exit 1
+    else
+        echo "Login credentials were changed:"
+    fi
+# If ErrorCode == 2 then new credentials were applied already OR user was deleted OR credentials are wrong
+elif [[ "${errorCode}" == "2" ]]
+then
+    # Let's try logging in using new credentials
+    payload="{ \"userId\" : \"${OWSEC_DEFAULT_USERNAME}\" , \"password\" : \"${OWSEC_NEW_PASSWORD}\" }"
+    curl ${FLAGS} -X POST "https://${OWSEC}/api/v1/oauth2" \
+            -H "Content-Type: application/json" \
+            -d "$payload" > ${result_file}
+    token=$(cat ${result_file} | jq -r '.access_token')
+    # TODO check if there are any response
+    if [[ "${token}" == "null" ]] || [[ "${token}" == "" ]] || [[ ! -s ${result_file} ]]
+    then
+        echo "Could not login with new credentials. Probably new login credentials are wrong OR user was deleted. Since we cannot check if user is really deleted, skipping this issue:"
+    else
+        echo "Logged in with new credentials:"
+    fi
+else
+    echo "Credentials check failed with unexpected ErrorCode, please review the responce body:"
+    jq < ${result_file}
+    exit 2
+fi
+jq < ${result_file}

chart/docker/clustersysteminfo

@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# Constants
+export DEFAULT_CHECK_RETRIES=30
+
+# Check dependencies
+[[ "$(which jq)" == "" ]] && echo "You need the package jq installed to use this script." && exit 1
+[[ "$(which curl)" == "" ]] && echo "You need the package curl installed to use this script." && exit 1
+
+# Check if required environment variables were passed
+[[ -z ${OWSEC+x} ]] && echo "You must set the variable OWSEC in order to use this script. Something like" && echo "OWSEC=security.isp.com:16001" && exit 1
+[[ -z ${OWSEC_DEFAULT_USERNAME+x} ]] && echo "You must set the variable OWSEC_DEFAULT_USERNAME in order to use this script. Something like" && echo "OWSEC_DEFAULT_USERNAME=tip@ucentral.com" && exit 1
+[[ -z ${OWSEC_DEFAULT_PASSWORD+x} ]] && echo "You must set the variable OWSEC_DEFAULT_PASSWORD in order to use this script. Something like" && echo "OWSEC_DEFAULT_PASSWORD=openwifi" && exit 1
+[[ -z ${OWSEC_NEW_PASSWORD+x} ]] && echo "You must set the variable OWSEC_NEW_PASSWORD in order to use this script. Something like" && echo "OWSEC_NEW_PASSWORD=NewPass123%" && exit 1
+
+[[ "${CHECK_RETRIES}" == "" ]] && [[ "${CHECK_RETRIES}" -eq "${CHECK_RETRIES}" ]] && echo "Environment variable CHECK_RETRIES is not set or is not number, setting it to the default value (${DEFAULT_CHECK_RETRIES})" && export CHECK_RETRIES=$DEFAULT_CHECK_RETRIES
+
+# Make sure owsec is resolvable
+export OWSEC_FQDN=$(echo $OWSEC | awk -F ':' '{print $1}')
+echo "Waiting for OWSEC FQDN ($OWSEC_FQDN) to be resolvable"
+exit_code=1
+until [[ "$exit_code" -eq "0" ]]
+do
+  getent hosts $OWSEC_FQDN
+  exit_code=$?
+  sleep 1
+done
+echo
+
+# Change/check password for owsec AND set owsec credentials
+export CHANGE_CHECK_RETRIES=${CHECK_RETRIES}
+until ./change_credentials || [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
+do
+  echo "Change/check failed"
+  let "CHANGE_CHECK_RETRIES-=1"
+  echo "Retries left - $CHANGE_CHECK_RETRIES"
+  echo
+  sleep 5
+done
+
+if [[ "${CHANGE_CHECK_RETRIES}" -eq "0" ]]
+then
+  echo "Run out of retries to change/check login credentials"
+  exit 3
+fi
+
+# Adapt scripts for the security credentials
+# -> Username
+sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owsec_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owgw_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owfms_cli -i
+sed '/^username/s/username=.*/username="'$OWSEC_DEFAULT_USERNAME'"/' owprov_cli -i
+# -> Password
+sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owsec_cli -i
+sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owgw_cli  -i
+sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owfms_cli -i
+sed '/^password/s/password=.*/password="'$OWSEC_NEW_PASSWORD'"/' owprov_cli -i
+
+echo "Running systeminfo checks for all components until all of them are available OR check tries are exausted ($CHECK_RETRIES)"
+exit_code_sum=1
+until [[ "$exit_code_sum" -eq "0" ]] || [[ "${CHECK_RETRIES}" -eq "0" ]]
+do
+  exit_code_sum=0
+  ./owsec_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owgw_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owfms_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  ./owprov_cli systeminfo
+  let "exit_code_sum+=$?"
+  if [[ ! -s result.json ]]
+  then
+    let "exit_code_sum+=1"
+  fi
+  let "exit_code_sum+=$(grep ErrorCode result.json | wc -l)"
+  sleep 1
+
+  let "CHECK_RETRIES-=1"
+  echo "Exit code sum: $exit_code_sum"
+  echo "Left retries: $CHECK_RETRIES"
+  sleep 5
+  echo
+done
+exit $exit_code_sum

chart/environment-values/deploy.sh

@@ -0,0 +1,215 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo;
+  echo "This script is indended for OpenWIFI Cloud SDK deployment to TIP QA/Dev environments using assembly Helm chart (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/chart) with configuration through environment variables";
+  echo;
+  echo "Required environment variables:"
+  echo;
+  echo "- NAMESPACE - namespace suffix that will used added for the Kubernetes environment (i.e. if you pass 'test', kubernetes namespace will be named 'ucentral-test')";
+  echo "- DEPLOY_METHOD - deployment method for the chart deployment (supported methods - 'git' (will use helm-git from assembly chart) and 'bundle' (will use chart stored in the Artifactory0";
+  echo "- CHART_VERSION - version of chart to be deployed from assembly chart (for 'git' method git ref may be passed, for 'bundle' method version of chart may be passed)";
+  echo;
+  echo "- VALUES_FILE_LOCATION - path to file with override values that may be used for deployment";
+  echo "- RTTY_TOKEN - token to be used for rttys and OpenWIFI Gateway for remote tty sessions";
+  echo "- OWGW_AUTH_USERNAME - username to be used for requests to OpenWIFI Security";
+  echo "- OWGW_AUTH_PASSWORD - hashed password for OpenWIFI Security (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo "- OWFMS_S3_SECRET - secret key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
+  echo "- OWFMS_S3_KEY - access key that is used for OpenWIFI Firmware access to firmwares S3 bucket";
+  echo "- OWSEC_NEW_PASSWORD - password that should be set to default user instead of default password from properties";
+  echo "- CERT_LOCATION - path to certificate in PEM format that will be used for securing all endpoint in all services";
+  echo "- KEY_LOCATION - path to private key in PEM format that will be used for securing all endpoint in all services";
+  echo;
+  echo "Following environmnet variables may be passed, but will be ignored if CHART_VERSION is set to release (i.e. v2.4.0):"
+  echo;
+  echo "- OWGW_VERSION - OpenWIFI Gateway version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo "- OWGWUI_VERSION - OpenWIFI Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo "- OWSEC_VERSION - OpenWIFI Security version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo "- OWFMS_VERSION - OpenWIFI Firmware version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo "- OWPROV_VERSION - OpenWIFI Provisioning version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo "- OWPROVUI_VERSION - OpenWIFI Provisioning Web UI version to deploy (will be used for Docker image tag and git branch for Helm chart if git deployment is required)";
+  echo;
+  echo "Optional environment variables:"
+  echo;
+  echo "- EXTRA_VALUES - extra values that should be passed to Helm deployment separated by comma (,)"
+  echo "- DEVICE_CERT_LOCATION - path to certificate in PEM format that will be used for load simulator";
+  echo "- DEVICE_KEY_LOCATION - path to private key in PEM format that will be used for load simulator";
+  echo "- USE_SEPARATE_OWGW_LB - flag that should change split external DNS for OWGW and other services"
+}
+
+# Global variables
+VALUES_FILE_LOCATION_SPLITTED=()
+EXTRA_VALUES_SPLITTED=()
+
+# Helper functions
+check_if_chart_version_is_release() {
+  PARSED_CHART_VERSION=$(echo $CHART_VERSION | grep -xP "v\d+\.\d+\.\d+.*")
+  if [[ -z "$PARSED_CHART_VERSION" ]]; then
+    return 1
+  else
+    return 0
+  fi
+}
+
+# Check if required environment variables were passed
+## Deployment specifics
+[ -z ${DEPLOY_METHOD+x} ] && echo "DEPLOY_METHOD is unset" && usage && exit 1
+[ -z ${CHART_VERSION+x} ] && echo "CHART_VERSION is unset" && usage && exit 1
+if check_if_chart_version_is_release; then
+  echo "Chart version ($CHART_VERSION) is release version, ignoring services versions"
+else
+  echo "Chart version ($CHART_VERSION) is not release version, checking if services versions are set"
+  [ -z ${OWGW_VERSION+x} ] && echo "OWGW_VERSION is unset" && usage && exit 1
+  [ -z ${OWGWUI_VERSION+x} ] && echo "OWGWUI_VERSION is unset" && usage && exit 1
+  [ -z ${OWSEC_VERSION+x} ] && echo "OWSEC_VERSION is unset" && usage && exit 1
+  [ -z ${OWFMS_VERSION+x} ] && echo "OWFMS_VERSION is unset" && usage && exit 1
+  [ -z ${OWPROV_VERSION+x} ] && echo "OWPROV_VERSION is unset" && usage && exit 1
+  [ -z ${OWPROVUI_VERSION+x} ] && echo "OWPROVUI_VERSION is unset" && usage && exit 1
+fi
+## Environment specifics
+[ -z ${NAMESPACE+x} ] && echo "NAMESPACE is unset" && usage && exit 1
+## Variables specifics
+[ -z ${VALUES_FILE_LOCATION+x} ] && echo "VALUES_FILE_LOCATION is unset" && usage && exit 1
+[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
+[ -z ${OWGW_AUTH_USERNAME+x} ] && echo "OWGW_AUTH_USERNAME is unset" && usage && exit 1
+[ -z ${OWGW_AUTH_PASSWORD+x} ] && echo "OWGW_AUTH_PASSWORD is unset" && usage && exit 1
+[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
+[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
+[ -z ${OWSEC_NEW_PASSWORD+x} ] && echo "OWSEC_NEW_PASSWORD is unset" && usage && exit 1
+[ -z ${CERT_LOCATION+x} ] && echo "CERT_LOCATION is unset" && usage && exit 1
+[ -z ${KEY_LOCATION+x} ] && echo "KEY_LOCATION is unset" && usage && exit 1
+
+[ -z ${DEVICE_CERT_LOCATION+x} ] && echo "DEVICE_CERT_LOCATION is unset, setting it to CERT_LOCATION" && export DEVICE_CERT_LOCATION=$CERT_LOCATION
+[ -z ${DEVICE_KEY_LOCATION+x} ] && echo "DEVICE_KEY_LOCATION is unset, setting it to KEY_LOCATION" && export DEVICE_KEY_LOCATION=$KEY_LOCATION
+
+# Transform some environment variables
+export OWGW_VERSION_TAG=$(echo ${OWGW_VERSION} | tr '/' '-')
+export OWGWUI_VERSION_TAG=$(echo ${OWGWUI_VERSION} | tr '/' '-')
+export OWSEC_VERSION_TAG=$(echo ${OWSEC_VERSION} | tr '/' '-')
+export OWFMS_VERSION_TAG=$(echo ${OWFMS_VERSION} | tr '/' '-')
+export OWPROV_VERSION_TAG=$(echo ${OWPROV_VERSION} | tr '/' '-')
+export OWPROVUI_VERSION_TAG=$(echo ${OWPROVUI_VERSION} | tr '/' '-')
+
+# Debug get bash version
+bash --version > /dev/stderr
+
+# Check deployment method that's required for this environment
+helm plugin install https://github.com/databus23/helm-diff || true
+if [[ "$DEPLOY_METHOD" == "git" ]]; then
+  helm plugin install https://github.com/aslafy-z/helm-git --version 0.10.0 || true
+  rm -rf wlan-cloud-ucentral-deploy || true
+  git clone https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git
+  cd wlan-cloud-ucentral-deploy
+  git checkout $CHART_VERSION
+  cd chart
+  if ! check_if_chart_version_is_release; then
+    sed -i '/wlan-cloud-ucentralgw@/s/ref=.*/ref='${OWGW_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralgw-ui@/s/ref=.*/ref='${OWGWUI_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralsec@/s/ref=.*/ref='${OWSEC_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-ucentralfms@/s/ref=.*/ref='${OWFMS_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov@/s/ref=.*/ref='${OWPROV_VERSION}'\"/g' Chart.yaml
+    sed -i '/wlan-cloud-owprov-ui@/s/ref=.*/ref='${OWPROVUI_VERSION}'\"/g' Chart.yaml
+  fi
+  helm repo add bitnami https://charts.bitnami.com/bitnami
+  helm repo update
+  helm dependency update
+  cd ../..
+  export DEPLOY_SOURCE="wlan-cloud-ucentral-deploy/chart"
+else
+  if [[ "$DEPLOY_METHOD" == "bundle" ]]; then
+    helm repo add tip-wlan-cloud-ucentral-helm https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/ || true
+    export DEPLOY_SOURCE="tip-wlan-cloud-ucentral-helm/openwifi --version $CHART_VERSION"
+  else
+    echo "Deploy method is not correct: $DEPLOY_METHOD. Valid value - git or bundle"
+    exit 1
+  fi
+fi
+
+VALUES_FILES_FLAGS=()
+IFS=',' read -ra VALUES_FILE_LOCATION_SPLITTED <<< "$VALUES_FILE_LOCATION"
+for VALUE_FILE in ${VALUES_FILE_LOCATION_SPLITTED[*]}; do
+  VALUES_FILES_FLAGS+=("-f" $VALUE_FILE)
+done
+EXTRA_VALUES_FLAGS=()
+IFS=',' read -ra EXTRA_VALUES_SPLITTED <<< "$EXTRA_VALUES"
+for EXTRA_VALUE in ${EXTRA_VALUES_SPLITTED[*]}; do
+  EXTRA_VALUES_FLAGS+=("--set" $EXTRA_VALUE)
+done
+
+if [[ "$USE_SEPARATE_OWGW_LB" == "true" ]]; then
+  export HAPROXY_SERVICE_DNS_RECORDS="sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build"
+else
+  export HAPROXY_SERVICE_DNS_RECORDS="gw-${NAMESPACE}.cicd.lab.wlan.tip.build\,sec-${NAMESPACE}.cicd.lab.wlan.tip.build\,fms-${NAMESPACE}.cicd.lab.wlan.tip.build\,prov-${NAMESPACE}.cicd.lab.wlan.tip.build\,rtty-${NAMESPACE}.cicd.lab.wlan.tip.build"
+  export OWGW_SERVICE_DNS_RECORDS=""
+fi
+
+# Run the deployment
+helm upgrade --install --create-namespace --wait --timeout 60m \
+  --namespace openwifi-${NAMESPACE} \
+  ${VALUES_FILES_FLAGS[*]} \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.fileuploader\.host\.0\.name"=gw-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.server"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."openwifi\.system\.uri\.public"=https://gw-${NAMESPACE}.cicd.lab.wlan.tip.build:16002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.private"=https://owgw-owgw:17002 \
+  --set owgw.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgw.configProperties."rtty\.token"=${RTTY_TOKEN} \
+  --set owgw.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."authentication\.default\.username"=${OWGW_AUTH_USERNAME} \
+  --set owsec.configProperties."authentication\.default\.password"=${OWGW_AUTH_PASSWORD} \
+  --set owsec.services.owsec.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=sec-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owsec.configProperties."openwifi\.system\.uri\.public"=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.private"=https://owsec-owsec:17001 \
+  --set owsec.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."s3\.secret"=${OWFMS_S3_SECRET} \
+  --set owfms.configProperties."s3\.key"=${OWFMS_S3_KEY} \
+  --set owfms.services.owfms.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=fms-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.configProperties."openwifi\.system\.uri\.public"=https://fms-${NAMESPACE}.cicd.lab.wlan.tip.build:16004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.private"=https://owfms-owfms:17004 \
+  --set owfms.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owfms.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owgwui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owgwui.ingresses.default.hosts={webui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owgwui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprov.services.owprov.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=prov-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.configProperties."openwifi\.system\.uri\.public"=https://prov-${NAMESPACE}.cicd.lab.wlan.tip.build:16005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.private"=https://owprov-owprov:17005 \
+  --set owprov.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprov.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set owprovui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=provui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owprovui.ingresses.default.hosts={provui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owprovui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set rttys.config.token=${RTTY_TOKEN} \
+  --set rttys.services.rttys.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=rtty-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set clustersysteminfo.public_env_variables.OWSEC=sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set clustersysteminfo.secret_env_variables.OWSEC_NEW_PASSWORD=${OWSEC_NEW_PASSWORD} \
+  --set owls.services.owls.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=ls-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owls.configProperties."openwifi\.system\.uri\.public"=https://ls-${NAMESPACE}.cicd.lab.wlan.tip.build:16007 \
+  --set owls.configProperties."openwifi\.system\.uri\.private"=https://owls-owls:17007 \
+  --set owls.configProperties."openwifi\.system\.uri\.ui"=https://webui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=lsui-${NAMESPACE}.cicd.lab.wlan.tip.build \
+  --set owlsui.ingresses.default.hosts={lsui-${NAMESPACE}.cicd.lab.wlan.tip.build} \
+  --set owlsui.public_env_variables.DEFAULT_UCENTRALSEC_URL=https://sec-${NAMESPACE}.cicd.lab.wlan.tip.build:16001 \
+  --set haproxy.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$HAPROXY_SERVICE_DNS_RECORDS \
+  --set owgw.services.owgw.annotations."external-dns\.alpha\.kubernetes\.io/hostname"=$OWGW_SERVICE_DNS_RECORDS \
+  ${EXTRA_VALUES_FLAGS[*]} \
+  --set-file owgw.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owgw.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owgw.certs."websocket-cert\.pem"=$CERT_LOCATION \
+  --set-file owgw.certs."websocket-key\.pem"=$KEY_LOCATION \
+  --set-file rttys.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file rttys.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owsec.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owsec.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owfms.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owfms.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owprov.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owprov.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owls.certs."restapi-cert\.pem"=$CERT_LOCATION \
+  --set-file owls.certs."restapi-key\.pem"=$KEY_LOCATION \
+  --set-file owls.certs."device-cert\.pem"=$DEVICE_CERT_LOCATION \
+  --set-file owls.certs."device-key\.pem"=$DEVICE_KEY_LOCATION \
+  tip-openwifi $DEPLOY_SOURCE

chart/environment-values/values.openwifi-qa.external-db.yaml

@@ -0,0 +1,14 @@
+owgw:
+  configProperties:
+    storage.type: postgresql
+    storage.type.postgresql.host: owgw-pgsql
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+
+  postgresql:
+    enabled: true
+    fullnameOverride: owgw-pgsql
+    postgresqlDatabase: owgw
+    postgresqlUsername: owgw
+    postgresqlPassword: owgw

chart/environment-values/values.openwifi-qa.owls-enabled.yaml

@@ -0,0 +1,173 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002"
+
+  configProperties:
+    simulatorid: 53494D020202
+    storage.type: postgresql
+    storage.type.postgresql.host: owgw-pgsql
+    storage.type.postgresql.database: owgw
+    storage.type.postgresql.username: owgw
+    storage.type.postgresql.password: owgw
+
+  resources:
+    requests:
+      cpu: 2000m
+      memory: 3000Mi
+    limits:
+      cpu: 2000m
+      memory: 3000Mi
+
+  postgresql:
+    enabled: true
+    fullnameOverride: owgw-pgsql
+
+    postgresqlDatabase: owgw
+    postgresqlUsername: owgw
+    postgresqlPassword: owgw
+
+owls:
+  enabled: true
+  services:
+    owls:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16107"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16007,17007"
+        external-dns.alpha.kubernetes.io/ttl: "60"
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  resources:
+    requests:
+      cpu: 3000m
+      memory: 8000Mi
+    limits:
+      cpu: 3000m
+      memory: 8000Mi
+
+  checks:
+    owls:
+      liveness:
+        httpGet:
+          path: /
+          port: 16107
+        failureThreshold: 900
+      readiness:
+        httpGet:
+          path: /
+          port: 16107
+        failureThreshold: 900
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWLS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWLS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWLS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owls:
+      - name: config
+        mountPath: /owls-data/owls.properties
+        subPath: owls.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-config
+      - name: certs
+        mountPath: /owls-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owls-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-certs-cas
+      # Change this if you want to use another volume type
+      - name: persist
+        mountPath: /owls-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owls.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owls-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owls.fullname" . }}-owls-restapi-tls
+
+owlsui:
+  enabled: true
+
+  services:
+    owlsui:
+      type: NodePort
+
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+        external-dns.alpha.kubernetes.io/ttl: "60"
+      paths:
+      - path: /*
+        serviceName: owlsui
+        servicePort: http
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"

chart/environment-values/values.openwifi-qa.separate-lbs.yaml

@@ -0,0 +1,62 @@
+owgw:
+  services:
+    owgw:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16102"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002,16003,17002,5912,5913"
+
+owsec:
+  services:
+    owsec:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16101"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,17001"
+
+rttys:
+  services:
+    rttys:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
+
+owfms:
+  services:
+    owfms:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16104"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004"
+
+owprov:
+  services:
+    owprov:
+      type: LoadBalancer
+      annotations:
+        service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
+        service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+        service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "16105"
+        service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+        service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
+        service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16005,17005"
+
+haproxy:
+  enabled: false

chart/environment-values/values.openwifi-qa.test-nodes.yaml

@@ -0,0 +1,118 @@
+owgw:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+owsec:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owgwui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owfms:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owprov:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owprovui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owls:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+  postgresql:
+    primary:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+    readReplicas:
+      nodeSelector:
+        env: tests
+      tolerations:
+      - key: "tests"
+        operator: "Exists"
+        effect: "NoSchedule"
+
+rttys:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+owlsui:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+
+kafka:
+  nodeSelector:
+    env: tests
+  tolerations:
+  - key: "tests"
+    operator: "Exists"
+    effect: "NoSchedule"
+  zookeeper:
+    nodeSelector:
+      env: tests
+    tolerations:
+    - key: "tests"
+      operator: "Exists"
+      effect: "NoSchedule"

chart/environment-values/values.openwifi-qa.yaml

@@ -0,0 +1,466 @@
+owgw:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owgw:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 100m
+      memory: 100Mi
+    limits:
+      cpu: 100m
+      memory: 200Mi
+
+  securityContext:
+    sysctls:
+    - name: net.ipv4.tcp_keepalive_intvl
+      value: "5"
+    - name: net.ipv4.tcp_keepalive_probes
+      value: "2"
+    - name: net.ipv4.tcp_keepalive_time
+      value: "45"
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  podSecurityPolicy:
+    enabled: true
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWGW_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWGW_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWGW_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owgw:
+      - name: config
+        mountPath: /owgw-data/owgw.properties
+        subPath: owgw.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-config
+      - name: certs
+        mountPath: /owgw-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs
+      - name: certs-cas
+        mountPath: /owgw-data/certs/cas
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-certs-cas
+      - name: persist
+        mountPath: /owgw-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owgw.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owgw-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owgw.fullname" . }}-owgw-restapi-tls
+
+owsec:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owsec:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 15Mi
+    limits:
+      cpu: 100m
+      memory: 100Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWSEC_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWSEC_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWSEC_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owsec:
+      - name: config
+        mountPath: /owsec-data/owsec.properties
+        subPath: owsec.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-config
+      - name: certs
+        mountPath: /owsec-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-certs
+      - name: persist
+        mountPath: /owsec-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owsec.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owsec-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owsec.fullname" . }}-owsec-restapi-tls
+
+rttys:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 15Mi
+    limits:
+      cpu: 100m
+      memory: 100Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+owgwui:
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+      paths:
+      - path: /*
+        serviceName: owgwui
+        servicePort: http
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 30Mi
+    limits:
+      cpu: 10m
+      memory: 30Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+owfms:
+  # https://telecominfraproject.atlassian.net/browse/WIFI-5840
+  checks:
+    owfms:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 30Mi
+    limits:
+      cpu: 50m
+      memory: 80Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWFMS_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWFMS_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWFMS_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owfms:
+      - name: config
+        mountPath: /owfms-data/owfms.properties
+        subPath: owfms.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-config
+      - name: certs
+        mountPath: /owfms-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-certs
+      - name: persist
+        mountPath: /owfms-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owfms.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owfms-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owfms.fullname" . }}-owfms-restapi-tls
+
+owprov:
+  checks:
+    owprov:
+      readiness:
+        exec:
+          command: ["true"]
+
+  resources:
+    requests:
+      cpu: 10m
+      memory: 20Mi
+    limits:
+      cpu: 100m
+      memory: 100Mi
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+  certs:
+    restapi-ca.pem: |
+      -----BEGIN CERTIFICATE-----
+      MIIDojCCAoqgAwIBAgIUPVYBpqNbcLYygF6Mx+qxSWwQyFowDQYJKoZIhvcNAQEL
+      BQAwaTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG1RlbGVjb20gSW5mcmEgUHJvamVj
+      dCwgSW5jLjEMMAoGA1UECxMDVElQMSYwJAYDVQQDEx1UZWxlY29tIEluZnJhIFBy
+      b2plY3QgUm9vdCBDQTAeFw0yMTA0MTMyMjQyNDRaFw0zMTA0MTMyMjM4NDZaMGkx
+      CzAJBgNVBAYTAlVTMSQwIgYDVQQKExtUZWxlY29tIEluZnJhIFByb2plY3QsIElu
+      Yy4xDDAKBgNVBAsTA1RJUDEmMCQGA1UEAxMdVGVsZWNvbSBJbmZyYSBQcm9qZWN0
+      IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIGCibwf5u
+      AAwZ+1H8U0e3u2V+0d2gSctucoK86XwUmfe1V2a/qlCYZd29r80IuN1IIeB0naIm
+      KnK/MzXW87clF6tFd1+HzEvmlY/W4KyIXalVCTEzirFSvBEG2oZpM0yC3AefytAO
+      aOpA00LaM3xTfTqMKIRhJBuLy0I4ANUVG6ixVebbGuc78IodleqiLoWy2Q9QHyEO
+      t/7hZndJhiVogh0PveRhho45EbsACu7ymDY+JhlIleevqwlE3iQoq0YcmYADHno6
+      Eq8vcwLpZFxihupUafkd1T3WJYQAJf9coCjBu2qIhNgrcrGD8R9fGswwNRzMRMpX
+      720+GjcDW3bJAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAJG
+      lmB5sVP2qfL3xZ8hQOTpkQH6MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+      AAOCAQEAVjl9dm4epG9NUYnagT9sg7scVQEPfz3Lt6w1NXJXgD8mAUlK0jXmEyvM
+      dCPD4514n+8+lM7US8fh+nxc7jO//LwK17Wm9FblgjNFR7+anv0Q99T9fP19DLlF
+      PSNHL2emogy1bl1lLTAoj8nxg2wVKPDSHBGviQ5LR9fsWUIJDv9Bs5k0qWugWYSj
+      19S6qnHeskRDB8MqRLhKMG82oDVLerSnhD0P6HjySBHgTTU7/tYS/OZr1jI6MPbG
+      L+/DtiR5fDVMNdBSGU89UNTi0wHY9+RFuNlIuvZC+x/swF0V9R5mN+ywquTPtDLA
+      5IOM7ItsRmen6u3qu+JXros54e4juQ==
+      -----END CERTIFICATE-----
+
+  public_env_variables:
+    SELFSIGNED_CERTS: "true"
+
+  configProperties:
+    openwifi.internal.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.internal.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.internal.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+    openwifi.restapi.host.0.rootca: $OWPROV_ROOT/certs/restapi-certs/ca.crt
+    openwifi.restapi.host.0.cert: $OWPROV_ROOT/certs/restapi-certs/tls.crt
+    openwifi.restapi.host.0.key: $OWPROV_ROOT/certs/restapi-certs/tls.key
+
+  volumes:
+    owprov:
+      - name: config
+        mountPath: /owprov-data/owprov.properties
+        subPath: owprov.properties
+        # Template below will be rendered in template
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-config
+      - name: certs
+        mountPath: /owprov-data/certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-certs
+      - name: persist
+        mountPath: /owprov-data/persist
+        volumeDefinition: |
+          persistentVolumeClaim:
+            claimName: {{ template "owprov.fullname" . }}-pvc
+
+      - name: restapi-certs
+        mountPath: /owprov-data/certs/restapi-certs
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+      - name: restapi-ca
+        mountPath: /usr/local/share/ca-certificates/restapi-ca-selfsigned.pem
+        subPath: ca.crt
+        volumeDefinition: |
+          secret:
+            secretName: {{ include "owprov.fullname" . }}-owprov-restapi-tls
+
+owprovui:
+  ingresses:
+    default:
+      enabled: true
+      annotations:
+        kubernetes.io/ingress.class: alb
+        alb.ingress.kubernetes.io/scheme: internet-facing
+        alb.ingress.kubernetes.io/group.name: wlan-cicd
+        alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+        alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
+        alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
+      paths:
+      - path: /*
+        serviceName: owprovui
+        servicePort: http
+
+  podAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+
+
+kafka:
+  commonAnnotations:
+    cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+  heapOpts: -Xmx512m -Xms512m
+  resources:
+    requests:
+      cpu: 100m
+      memory: 512Mi
+    limits:
+      cpu: 500m
+      memory: 1Gi
+  readinessProbe:
+    initialDelaySeconds: 45
+  livenessProbe:
+    initialDelaySeconds: 60
+  zookeeper:
+    commonAnnotations:
+      cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+    heapSize: 256
+    resources:
+      requests:
+        cpu: 100m
+        memory: 256Mi
+      limits:
+        cpu: 200m
+        memory: 384Mi
+
+clustersysteminfo:
+  enabled: true
+  delay: 60 # delaying to wait for AWS Route53 DNS propagation
+
+haproxy:
+  service:
+    annotations:
+      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
+      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "8080"
+      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
+      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16004,17004,16002,16003,17002,16005,17005,16001,17001,5912,5913,16009"
+      service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+
+restapiCerts:
+  enabled: true

chart/templates/job-clustersysteminfo.yaml

@@ -0,0 +1,82 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "openwifi.fullname" . }}-clustersysteminfo-check
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "10"
+    "helm.sh/hook-delete-policy": before-hook-creation
+  labels:
+    app.kubernetes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  {{- with .Values.clustersysteminfo.activeDeadlineSeconds }}
+  activeDeadlineSeconds: {{ . }}
+  {{- end }}
+  {{- with .Values.clustersysteminfo.backoffLimit }}
+  backoffLimit: {{ . }}
+  {{- end }}
+  template:
+    metadata:
+      name: {{ include "openwifi.fullname" . }}-clustersysteminfo-check
+      labels:
+        app.kubernetes.io/name: {{ include "openwifi.name" . }}
+        helm.sh/chart: {{ include "openwifi.chart" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+    spec:
+      containers:
+        - name: clustersysteminfo-check
+          image: "{{ .Values.clustersysteminfo.images.clustersysteminfo.repository }}:{{ .Values.clustersysteminfo.images.clustersysteminfo.tag }}"
+          imagePullPolicy: {{ .Values.clustersysteminfo.images.clustersysteminfo.pullPolicy }}
+
+          env:
+            - name: KUBERNETES_DEPLOYED
+              value: "{{ now }}"
+          {{- range $key, $value := .Values.clustersysteminfo.public_env_variables }}
+            - name: {{ $key }}
+              value: {{ $value | quote }}
+          {{- end }}
+          {{- range $key, $value := .Values.clustersysteminfo.secret_env_variables }}
+            - name: {{ $key }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "openwifi.fullname" $root }}-clustersysteminfo-env
+                  key: {{ $key }}
+          {{- end }}
+
+          {{- with .Values.clustersysteminfo.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+
+      restartPolicy: {{ .Values.clustersysteminfo.restartPolicy }}
+
+      imagePullSecrets:
+      {{- range $image, $imageValue := .Values.clustersysteminfo.images }}
+        {{- if $imageValue.regcred }}
+      - name: {{ include "openwifi.fullname" $root }}-{{ $image }}-clustersysteminfo-regcred
+        {{- end }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+      {{- with .Values.clustersysteminfo.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+
+{{- end }}

chart/templates/secret-clustersysteminfo-env.yaml

@@ -0,0 +1,19 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-clustersysteminfo-env
+kind: Secret
+type: Opaque
+data:
+  # Secret env variables
+  {{- range $key, $value := .Values.clustersysteminfo.secret_env_variables }}
+  {{ $key }}: {{ $value | b64enc | quote }}
+  {{- end }}
+{{- end }}

chart/templates/secret-clustersysteminfo-regcred.yaml

@@ -0,0 +1,20 @@
+{{- $root := . -}}
+{{- if .Values.clustersysteminfo.enabled }}
+{{- range $image, $imageValue := .Values.clustersysteminfo.images }}
+{{- if $imageValue.regcred }}
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/dockerconfigjson
+metadata:
+  labels:
+    app.kuberentes.io/name: {{ include "openwifi.name" $root }}
+    helm.sh/chart: {{ include "openwifi.chart" $root }}
+    app.kubernetes.io/instance: {{ $root.Release.Name }}
+    app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+  name: {{ include "openwifi.fullname" $root }}-{{ $image }}-clustersysteminfo-regcred
+data:
+  .dockerconfigjson: {{ $imageValue.regcred | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

chart/values.yaml

@@ -22,6 +22,22 @@ owfms:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
+# OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
+owprov:
+  fullnameOverride: owprov
+
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+
+# OpenWIFI Web UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
+owgwui:
+  fullnameOverride: owgwui
+
+# OpenWIFI Provisioning Web UI (https://github.com/Telecominfraproject/wlan-cloud-owprov-ui/)
+owprovui:
+  fullnameOverride: owprovui
+
 # rttys (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-rtty)
 rttys:
   enabled: true
@@ -47,6 +63,306 @@ kafka:
   zookeeper:
     fullnameOverride: zookeeper
 
-# OpenWIFI Web UI (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw-ui/)
-owgwui:
-  fullnameOverride: owgwui
+# clustersysteminfo check
+clustersysteminfo:
+  enabled: false
+
+  fullnameOverride: clustersysteminfo
+
+  images:
+    clustersysteminfo:
+      repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
+      tag: v2.4.1
+      pullPolicy: Always
+#      regcred:
+#        registry: tip-tip-wlan-cloud-ucentral.jfrog.io
+#        username: username
+#        password: password
+
+  resources: {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # requests:
+    #  cpu: 100m
+    #  memory: 128Mi
+    # limits:
+    #  cpu: 100m
+    #  memory: 128Mi
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  public_env_variables:
+    FLAGS: "-s --connect-timeout 3"
+    OWSEC: sec:16001
+    CHECK_RETRIES: 30
+
+  secret_env_variables:
+    OWSEC_DEFAULT_USERNAME: tip@ucentral.com
+    OWSEC_DEFAULT_PASSWORD: openwifi
+    #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
+
+  activeDeadlineSeconds: 2400
+  backoffLimit: 5
+  restartPolicy: OnFailure
+
+# OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
+owls:
+  enabled: false
+
+  fullnameOverride: owls
+
+  configProperties:
+    openwifi.kafka.enable: "true"
+    openwifi.kafka.brokerlist: kafka:9092
+
+# OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
+owlsui:
+  enabled: false
+
+  fullnameOverride: owlsui
+
+# HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
+haproxy:
+  enabled: false
+
+  fullnameOverride: proxy
+
+  replicaCount: 3
+
+  service:
+    type: LoadBalancer
+    ports:
+      # healthcheck
+      - name: health
+        protocol: TCP
+        port: 8080
+        targetPort: health
+      # owfms
+      - name: owfmsrest
+        protocol: TCP
+        port: 16004
+        targetPort: owfmsrest
+      - name: owfmsrestint
+        protocol: TCP
+        port: 17004
+        targetPort: owfmsrestint
+      # owgw
+      - name: owgwws
+        protocol: TCP
+        port: 15002
+        targetPort: owgwws
+      - name: owgwrest
+        protocol: TCP
+        port: 16002
+        targetPort: owgwrest
+      - name: owgwfileup
+        protocol: TCP
+        port: 16003
+        targetPort: owgwfileup
+      - name: owgwrestint
+        protocol: TCP
+        port: 17002
+        targetPort: owgwrestint
+      # owprov
+      - name: owprovrest
+        protocol: TCP
+        port: 16005
+        targetPort: owprovrest
+      - name: owprovrestint
+        protocol: TCP
+        port: 17005
+        targetPort: owprovrestint
+      # owsec
+      - name: owsecrest
+        protocol: TCP
+        port: 16001
+        targetPort: owsecrest
+      - name: owsecrestint
+        protocol: TCP
+        port: 17001
+        targetPort: owsecrestint
+      # rttys
+      - name: rttysdev
+        protocol: TCP
+        port: 5912
+        targetPort: rttysdev
+      - name: rttysuser
+        protocol: TCP
+        port: 5913
+        targetPort: rttysuser
+      - name: rttysweb
+        protocol: TCP
+        port: 5914
+        targetPort: rttysweb
+
+  containerPorts:
+    # healthcheck
+    - name: health
+      containerPort: 8080
+    # owfms
+    - name: owfmsrest
+      containerPort: 16004
+    - name: owfmsrestint
+      containerPort: 17004
+    # owgw
+    - name: owgwws
+      containerPort: 15002
+    - name: owgwrest
+      containerPort: 16002
+    - name: owgwfileup
+      containerPort: 16003
+    - name: owgwrestint
+      containerPort: 17002
+    # owprov
+    - name: owprovrest
+      containerPort: 16005
+    - name: owprovrestint
+      containerPort: 17005
+    # owsec
+    - name: owsecrest
+      containerPort: 16001
+    - name: owsecrestint
+      containerPort: 17001
+    # rttys
+    - name: rttysdev
+      containerPort: 5912
+    - name: rttysuser
+      containerPort: 5913
+    - name: rttysweb
+      containerPort: 5914
+
+  configuration: |
+    global
+      log stdout format raw local0
+      maxconn 1024
+    defaults
+      log global
+      timeout client 360s
+      timeout connect 60s
+      timeout server 360s
+
+    # healthcheck
+    frontend front_healthcheck
+      bind :8080
+      mode http
+      default_backend back_healthcheck
+    backend back_healthcheck
+      mode http
+      http-after-response set-header Access-Control-Allow-Origin "*"
+      http-after-response set-header Access-Control-Max-Age "31536000"
+      http-request return status 200 content-type "text/plain" string "Pong"
+
+    # owfms
+    frontend front_owfms_rest
+      bind :16004
+      mode tcp
+      default_backend back_owfms_rest
+    backend back_owfms_rest
+      mode tcp
+      server svc_owfms_rest owfms-owfms:16004
+
+    frontend front_owfms_rest_internal
+      bind :17004
+      mode tcp
+      default_backend back_owfms_rest_internal
+    backend back_owfms_rest_internal
+      mode tcp
+      server svc_owfms_rest_internal owfms-owfms:17004
+
+    # owgw
+    frontend front_owgw_websocket
+      bind :15002
+      mode tcp
+      default_backend back_owgw_websocket
+    backend back_owgw_websocket
+      mode tcp
+      server svc_owgw_websocket owgw-owgw:15002
+
+    frontend front_owgw_rest
+      bind :16002
+      mode tcp
+      default_backend back_owgw_rest
+    backend back_owgw_rest
+      mode tcp
+      server svc_owgw_rest owgw-owgw:16002
+
+    frontend front_owgw_fileuploader
+      bind :16003
+      mode tcp
+      default_backend back_owgw_fileuploader
+    backend back_owgw_fileuploader
+      mode tcp
+      server svc_owgw_fileuploader owgw-owgw:16003
+
+    frontend front_owgw_rest_internal
+      bind :17002
+      mode tcp
+      default_backend back_owgw_rest_internal
+    backend back_owgw_rest_internal
+      mode tcp
+      server svc_owgw_rest_internal owgw-owgw:17002
+
+    # owprov
+    frontend front_owprov_rest
+      bind :16005
+      mode tcp
+      default_backend back_owprov_rest
+    backend back_owprov_rest
+      mode tcp
+      server svc_owprov_rest owprov-owprov:16005
+
+    frontend front_owprov_rest_internal
+      bind :17005
+      mode tcp
+      default_backend back_owprov_rest_internal
+    backend back_owprov_rest_internal
+      mode tcp
+      server svc_owprov_rest_internal owprov-owprov:17005
+
+    # owsec
+    frontend front_owsec_rest
+      bind :16001
+      mode tcp
+      default_backend back_owsec_rest
+    backend back_owsec_rest
+      mode tcp
+      server svc_owsec_rest owsec-owsec:16001
+
+    frontend front_owsec_rest_internal
+      bind :17001
+      mode tcp
+      default_backend back_owsec_rest_internal
+    backend back_owsec_rest_internal
+      mode tcp
+      server svc_owsec_rest_internal owsec-owsec:17001
+
+    # rttys
+    frontend front_rttys_dev
+      bind :5912
+      mode tcp
+      default_backend back_rttys_dev
+    backend back_rttys_dev
+      mode tcp
+      server svc_rttys_dev rttys-rttys:5912
+
+    frontend front_rttys_user
+      bind :5913
+      mode tcp
+      default_backend back_rttys_user
+    backend back_rttys_user
+      mode tcp
+      server svc_rttys_user rttys-rttys:5913
+
+    frontend front_rttys_web
+      bind :5914
+      mode tcp
+      default_backend back_rttys_web
+    backend back_rttys_web
+      mode tcp
+      server svc_rttys_web rttys-rttys:5914

docker-compose/.env

@@ -0,0 +1,28 @@
+# Image tags
+COMPOSE_PROJECT_NAME=openwifi
+OWGW_TAG=v2.4.1
+OWGWUI_TAG=v2.4.0
+OWSEC_TAG=v2.4.1
+OWFMS_TAG=v2.4.1
+OWPROV_TAG=main
+OWPROVUI_TAG=main
+RTTYS_TAG=3.5.0
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
+POSTGRESQL_TAG=latest
+
+# Microservice root/config directories
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+
+# Microservice hostnames
+INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local

docker-compose/.env.letsencrypt

@@ -1,9 +1,11 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.2.0-RC1
-OWGWUI_TAG=v2.2.0-RC1
-OWSEC_TAG=v2.2.0-RC1
-OWFMS_TAG=v2.2.0-RC1
+OWGW_TAG=v2.4.1
+OWGWUI_TAG=v2.4.0
+OWSEC_TAG=v2.4.1
+OWFMS_TAG=v2.4.1
+OWPROV_TAG=main
+OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
@@ -17,17 +19,22 @@ OWSEC_ROOT=/owsec-data
 OWSEC_CONFIG=/owsec-data
 OWFMS_ROOT=/owfms-data
 OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
 
 # Microservice hostnames
 INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
 INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
 INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
-SYSTEM_URI_UI=https://openwifi.wlan.local
 OWGW_HOSTNAME=
 OWGWUI_HOSTNAME=
 OWGWFILEUPLOAD_HOSTNAME=
 OWSEC_HOSTNAME=
 OWFMS_HOSTNAME=
+OWPROV_HOSTNAME=
+OWPROVUI_HOSTNAME=
 RTTYS_HOSTNAME=

docker-compose/.env.selfsigned

@@ -1,9 +1,11 @@
 # Image tags
 COMPOSE_PROJECT_NAME=openwifi
-OWGW_TAG=v2.2.0-RC1
-OWGWUI_TAG=v2.2.0-RC1
-OWSEC_TAG=v2.2.0-RC1
-OWFMS_TAG=v2.2.0-RC1
+OWGW_TAG=v2.4.1
+OWGWUI_TAG=v2.4.0
+OWSEC_TAG=v2.4.1
+OWFMS_TAG=v2.4.1
+OWPROV_TAG=main
+OWPROVUI_TAG=main
 RTTYS_TAG=3.5.0
 KAFKA_TAG=latest
 ZOOKEEPER_TAG=latest
@@ -17,11 +19,14 @@ OWSEC_ROOT=/owsec-data
 OWSEC_CONFIG=/owsec-data
 OWFMS_ROOT=/owfms-data
 OWFMS_CONFIG=/owfms-data
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
 
 # Microservice hostnames
 INTERNAL_OWGW_HOSTNAME=owgw.wlan.local
 INTERNAL_OWGWUI_HOSTNAME=owgw-ui.wlan.local
 INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
 INTERNAL_OWFMS_HOSTNAME=owfms.wlan.local
+INTERNAL_OWPROV_HOSTNAME=owprov.wlan.local
+INTERNAL_OWPROVUI_HOSTNAME=owprov-ui.wlan.local
 INTERNAL_RTTYS_HOSTNAME=rttys.wlan.local
-SYSTEM_URI_UI=https://openwifi.wlan.local

docker-compose/README.md

@@ -1,74 +1,192 @@
-# Docker Compose
-With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to generate and use Letsencrypt certs instead of the provided self-signed cert for everything except the owgw websocket service.
-## Deployment with self-signed certificates
+# OpenWifi SDK Docker Compose
+### Overview
+With the provided Docker Compose files you can instantiate a deployment of the OpenWifi microservices and related components. The repository contains a self-signed certificate and a TIP-signed gateway certificate which are valid for the `*.wlan.local` domain. You also have the possibility to either generate and use Letsencrypt certs or provide your own certificates. Furthermore the deployments are split by whether Traefik is used as a reverse proxy/load balancer in front of the microservices or if they are exposed directly on the host. The advantage of using the deployments with Traefik is that you can use Letsencrypt certs (automatic certificate generation and renewal) and you have the ability to scale specific containers to multiple replicas.  
+The repository also contains a separate Docker Compose deployment to set up the [OWLS microservice](https://github.com/Telecominfraproject/wlan-cloud-owls) and related components for running a load simulation test against an existing controller.
+- [Non-LB deployment with self-signed certificates](#non-lb-deployment-with-self-signed-certificates)
+- [Non-LB deployment with own certificates](#non-lb-deployment-with-own-certificates)
+- [Non-LB deployment with PostgreSQL](#non-lb-deployment-with-postgresql)
+- [LB deployment with self-signed certificates](#lb-deployment-with-self-signed-certificates)
+- [LB deployment with Letsencrypt certificates](#lb-deployment-with-letsencrypt-certificates)
+- [OWLS deployment with self-signed certificates](owls/README.md)
+### Configuration
+If you don't bind mount your own config files they are generated on every startup based on the environment variables in the microservice specific env files. For an overview of the supported configuration properties have a look into the microservice specific env files. For an explanation of the configuration properties please see the README in the respective microservice repository.  
+Be aware that the non-LB deployment exposes the generated config files on the host. So if you want to make configuration changes afterwards, please do them directly in the config files located in the microservice data directories.
+#### Required password changing on the first startup
+One important action that must be done before using the deployment is changing password for the default user in owsec as described in [owsec docs](https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/tree/main#changing-default-password). Please use these docs to find the actions that must be done **after** the deployment in order to start using your deployment.
+### Ports
+Every OpenWifi service is exposed via a separate port either directly on the host or through Traefik. For an overview of the exposed ports have a look into the deployment specific Docker Compose file. If you use your own certificates or make use of the [Letsencrypt LB deployment](#lb-deployment-with-letsencrypt-certificates), you can also configure different hostnames for the microservices.  
+Please note that the OWProv-UI is exposed on port `8080(HTTP)/8443(HTTPS)` by default except for the Letsencrypt LB deployment, where the service listens on the default `80/443` HTTP(S) ports.
+### owsec templates and wwwassets
+On the startup of owsec directories for wwwassets and mailer templates are created from the base files included in Docker image. After the initial startup you may edit those files as you wish in the [owsec-data/persist](./owsec-data/persist) directory.
+## Non-LB deployment with self-signed certificates
 1. Switch into the project directory with `cd docker-compose/`.
 2. Add an entry for `openwifi.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the deployment is.
-3. Since the deployment is split into multiple Compose and .env files it makes sense to create an alias, for example:
-```
-alias docker-compose-selfsigned="docker-compose -f docker-compose.yml -f docker-compose.selfsigned.yml --env-file .env.selfsigned"
-```
-Spin up the deployment with `docker-compose-selfsigned up -d` and make sure to always use the alias when executing `docker-compose` commands. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-
-4. Check if the containers are up and running with `docker-compose-selfsigned ps`.
-5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002 and https://openwifi.wlan.local:16004.
-6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local` which points to the address of the host the Compose deployment runs on.
-7. Navigate to the UI `https://openwifi.wlan.local` and login with your OWSec authentication data.
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Add SSL certificate exceptions in your browser by visiting https://openwifi.wlan.local:16001, https://openwifi.wlan.local:16002, https://openwifi.wlan.local:16004 and https://openwifi.wlan.local:16005.
+6. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `openwifi.wlan.local`. This should point to the address of the host the Compose deployment runs on.
+7. Login to the UI `https://openwifi.wlan.local` and follow the instructions to change your default password.
 8. To use the curl test scripts included in the microservice repositories set the following environment variables:
 ```
-export UCENTRALSEC="openwifi.wlan.local:16001"
+export OWSEC="openwifi.wlan.local:16001"
 export FLAGS="-s --cacert <your-wlan-cloud-ucentral-deploy-location>/docker-compose/certs/restapi-ca.pem"
 ```
 ⚠️**Note**: When deploying with self-signed certificates you can not make use of the trace functionality in the UI since the AP will throw a TLS error when uploading the trace to OWGW. Please use the Letsencrypt deployment or provide your own valid certificates if you want to use this function.
-
-## Deployment with Letsencrypt certificates
+## Non-LB deployment with own certificates
+1. Switch into the project directory with `cd docker-compose/`. Copy your websocket and REST API certificates into the `certs/` directory. Make sure to reference the certificates accordingly in the service config if you use different file names or if you want to use different certificates for the respective microservices.
+2. Adapt the following hostname and URI variables according to your environment:
+### .env
+| Variable                   | Description                                                         |
+| -------------------------- | ------------------------------------------------------------------- |
+| `INTERNAL_OWGW_HOSTNAME`   | Set this to your OWGW hostname, for example `owgw.example.com`.     |
+| `INTERNAL_OWSEC_HOSTNAME`  | Set this to your OWSec hostname, for example `owsec.example.com`.   |
+| `INTERNAL_OWFMS_HOSTNAME`  | Set this to your OWFms hostname, for example `owfms.example.com`.   |
+| `INTERNAL_OWPROV_HOSTNAME` | Set this to your OWProv hostname, for example `owprov.example.com`. |
+### owgw.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME`                 | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
+| `FILEUPLOADER_URI`                       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
+| `RTTY_SERVER`                            | Set this to your RTTY server hostname, for example `rttys.example.com`.             |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owgw-ui.env
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+### owsec.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWSec REST API URL, for example `https://owsec.example.com:16001`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owfms.env
+| Variable                                 | Description                                                                         |
+| ---------------------------------------- | ----------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWFms REST API URL, for example `https://owfms.example.com:16004`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
+### owprov.env
+| Variable                                 | Description                                                                           |
+| ---------------------------------------- | ------------------------------------------------------------------------------------- |
+| `SYSTEM_URI_PRIVATE`,`SYSTEM_URI_PUBLIC` | Set this to your OWProv REST API URL, for example `https://owprov.example.com:16005`. |
+| `SYSTEM_URI_UI`                          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.              |
+### owprov-ui.env
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+3. Spin up the deployment with `docker-compose up -d`.
+4. Check if the containers are up and running with `docker-compose ps`.
+5. Login to the UI and and follow the instructions to change your default password.
+## Non-LB deployment with PostgreSQL
+1. Switch into the project directory with `cd docker-compose/`.
+2. Set the following variables in the env files and make sure to uncomment the lines. It is highly recommended that you change the DB passwords to some random string.
+### owgw.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owgw`            |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owgw`            |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owgw`            |
+### owsec.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owsec`           |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owsec`           |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owsec`           |
+### owfms.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owfms`           |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owfms`           |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owfms`           |
+### owprov.env
+| Variable                           | Value/Description |
+| ---------------------------------- | ----------------- |
+| `STORAGE_TYPE`                     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_HOST`     | `postgresql`      |
+| `STORAGE_TYPE_POSTGRESQL_USERNAME` | `owprov`          |
+| `STORAGE_TYPE_POSTGRESQL_PASSWORD` | `owprov`          |
+| `STORAGE_TYPE_POSTGRESQL_DATABASE` | `owprov`          |
+### postgresql.env
+| Variable             | Value      |
+| -------------------- | ---------- |
+| `POSTGRES_PASSWORD`  | `postgres` |
+| `POSTGRES_USER`      | `postgres` |
+| `OWGW_DB`            | `owgw`     |
+| `OWGW_DB_USER`       | `owgw`     |
+| `OWGW_DB_PASSWORD`   | `owgw`     |
+| `OWSEC_DB`           | `owsec`    |
+| `OWSEC_DB_USER`      | `owsec`    |
+| `OWSEC_DB_PASSWORD`  | `owsec`    |
+| `OWFMS_DB`           | `owfms`    |
+| `OWFMS_DB_USER`      | `owfms`    |
+| `OWFMS_DB_PASSWORD`  | `owfms`    |
+| `OWPROV_DB`          | `owprov`   |
+| `OWPROV_DB_USER`     | `owprov`   |
+| `OWPROV_DB_PASSWORD` | `owprov`   |
+3. Depending on whether you want to use [self-signed certificates](#non-lb-deployment-with-self-signed-certificates) or [provide your own](#non-lb-deployment-with-own-certificates), follow the instructions of the according deployment model. Spin up the deployment with `docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml up -d`. It is recommended to create an alias for this deployment model with `alias docker-compose-postgresql="docker-compose -f docker-compose.yml -f docker-compose.postgresql.yml"`.
+## LB deployment with self-signed certificates
+Follow the same instructions as for the self-signed deployment without Traefik. The only difference is that you have to spin up the deployment with `docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-selfsigned="docker-compose -f docker-compose.lb.selfsigned.yml --env-file .env.selfsigned"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-selfsigned up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
+## LB deployment with Letsencrypt certificates
+For the Letsencrypt challenge to work you need a public IP address. The hostnames which you set for the microservices have to resolve to this IP address to pass the HTTP-01 challenge (https://letsencrypt.org/docs/challenge-types/#http-01-challenge).
 1. Switch into the project directory with `cd docker-compose/`.
 2. Adapt the following hostname and URI variables according to your environment.
 ### .env.letsencrypt
-| Variable                  | Description                                         |
-| ------------------------- | --------------------------------------------------- |
-| `OWGW_HOSTNAME`           | This will be used as a hostname for OWGW REST API   |
-| `UCENTRALGWUI_HOSTNAME`   | This will be used as a hostname for uCentralGW-UI   |
-| `OWGWFILEUPLOAD_HOSTNAME` | This will be used as a hostname for OWGW fileupload |
-| `OWSEC_HOSTNAME`          | This will be used as a hostname for OWSec REST API  |
-| `OWFMS_HOSTNAME`          | This will be used as a hostname for OWFms REST API  |
-| `RTTYS_HOSTNAME`          | This will be used as a hostname for RTTYS           |
-| `SYSTEM_URI_UI`           | Set this to your uCentralGW-UI URL                  |
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `OWGW_HOSTNAME`           | Set this to your OWGW hostname, for example `owgw.example.com`.            |
+| `OWGWUI_HOSTNAME`         | Set this to your OWGW-UI hostname, for example `owgw-ui.example.com`.      |
+| `OWGWFILEUPLOAD_HOSTNAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`. |
+| `OWSEC_HOSTNAME`          | Set this to your OWSec hostname, for example `owsec.example.com`.          |
+| `OWFMS_HOSTNAME`          | Set this to your OWFms hostname, for example `owfms.example.com`.          |
+| `OWPROV_HOSTNAME`         | Set this to your OWProv hostname, for example `owprov.example.com`.        |
+| `OWPROVUI_HOSTNAME`       | Set this to your OWProv-UI hostname, for example `owprov-ui.example.com`.  |
+| `RTTYS_HOSTNAME`          | Set this to your RTTYS hostname, for example `rttys.example.com`.          |
 
 ### owgw.env
-| Variable                 | Description                                  |
-| -----------------------  | -------------------------------------------- |
-| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname    |
-| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL         |
-| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API public URL    |
-| `RTTY_SERVER`            | Set this to your public RTTY server hostname |
+| Variable                 | Description                                                                         |
+| -----------------------  | ----------------------------------------------------------------------------------- |
+| `FILEUPLOADER_HOST_NAME` | Set this to your OWGW fileupload hostname, for example `owgw.example.com`.          |
+| `FILEUPLOADER_URI`       | Set this to your OWGW fileupload URL, for example `https://owgw.example.com:16003`. |
+| `SYSTEM_URI_PUBLIC`      | Set this to your OWGW REST API URL, for example `https://owgw.example.com:16002`.   |
+| `RTTY_SERVER`            | Set this to your public RTTY server hostname, for example `rttys.example.com`.      |
+| `SYSTEM_URI_UI`          | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.            |
 
-### ucentralgw-ui.env
-| Variable            | Description                       |
-| ------------------- | --------------------------------- |
-| `DEFAULT_OWSEC_URL` | Set this to your public OWSec URL |
+### owgw-ui.env
+| Variable            | Description                                                                |
+| ------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_OWSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 
 ### owsec.env
-| Variable            | Description                       |
-| ------------------- | --------------------------------- |
-| `SYSTEM_URI_PUBLIC` | Set this to your OWSec public URL |
+| Variable            | Description                                                                |
+| ------------------- | -------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
 
 ### owfms.env
-| Variable             | Description                              |
-| -------------------- | ---------------------------------------- |
-| `SYSTEM_URI_PUBLIC`  | Set this to your OWFms public URL  |
-
+| Variable            | Description                                                                |
+| ------------------- | -------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC` | Set this to your OWFms URL, for example `https://owfms.example.com:16004`. |
+| `SYSTEM_URI_UI`     | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.   |
+### owprov.env
+| Variable             | Description                                                                  |
+| -------------------- | ---------------------------------------------------------------------------- |
+| `SYSTEM_URI_PUBLIC`  | Set this to your OWProv URL, for example `https://owprov.example.com:16005`. |
+| `SYSTEM_URI_UI`      | Set this to your OWGW-UI URL, for example `https://owgw-ui.example.com`.     |
+### owprov-ui.env
+| Variable                  | Description                                                                |
+| ------------------------- | -------------------------------------------------------------------------- |
+| `DEFAULT_UCENTRALSEC_URL` | Set this to your OWSec URL, for example `https://owsec.example.com:16001`. |
 ### traefik.env
 | Variable                                            | Description                               |
 | --------------------------------------------------- | ----------------------------------------- |
 | `TRAEFIK_CERTIFICATESRESOLVERS_OPENWIFI_ACME_EMAIL` | Email address used for ACME registration. |
+3. Spin up the deployment with `docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt up -d`. Make sure to specify the Compose and the according .env file every time you're working with the deployment or create an alias, for example `alias docker-compose-lb-letsencrypt="docker-compose -f docker-compose.lb.letsencrypt.yml --env-file .env.letsencrypt"`. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-lb-letsencrypt up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
+4. Check if the containers are up and running with `docker-compose-lb-letsencrypt ps`.
+5. Login to the UI and follow the instructions to change your default password.
 
-3. Since the deployment is split into multiple Compose and .env files it makes sense to create an alias, for example:
-```
-alias docker-compose-letsencrypt="docker-compose -f docker-compose.yml -f docker-compose.letsencrypt.yml --env-file .env.letsencrypt"
-```
-Spin up the deployment with `docker-compose-letsencrypt up -d` and make sure to always use the alias when executing `docker-compose` commands. You also have the possibility to scale specific services to a specified number of instances with `docker-compose-letsencrypt up -d --scale SERVICE=NUM`, where `SERVICE` is the service name as defined in the Compose file.
-
-4. Check if the containers are up and running with `docker-compose-letsencrypt ps`.
-5. Navigate to the UI and login with your OWSec authentication data.
-
-**Note**: Both deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.
+**Note**: All deployments create local volumes to persist mostly application, database and certificate data. In addition to that the `certs/` directory is bind mounted into the microservice containers. Be aware that for the bind mounts the host directories and files will be owned by the user in the container. Since the files are under version control, you may have to change the ownership to your user again before pulling changes.

docker-compose/deploy.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo;
+  echo "This script is intended for OpenWiFi cloud SDK deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose). Configuration is done based on shell environment variables.";
+  echo;
+  echo "Required environment variables:"
+  echo;
+  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
+  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
+  echo "- RTTY_TOKEN - token to be used for rttys and OWGW for remote tty sessions"
+  echo;
+#  echo "- INTERNAL_OWGW_HOSTNAME - OWGW microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWFMS_HOSTNAME - OWFms microservice hostname for Docker internal communication"
+#  echo "- INTERNAL_OWPROV_HOSTNAME - OWProv microservice hostname for Docker internal communication"
+#  echo;
+  echo "- OWGW_FILEUPLOADER_HOST_NAME - hostname to be used for OWGW fileupload";
+  echo "- OWGW_FILEUPLOADER_URI - URL to be used for OWGW fileupload";
+#  echo "- OWGW_SYSTEM_URI_PRIVATE - private URL to be used for OWGW";
+  echo "- OWGW_SYSTEM_URI_PUBLIC - public URL to be used for OWGW";
+  echo "- OWGW_RTTY_SERVER - public hostname of the RTTY server";
+  echo;
+#  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
+  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+#  echo "- OWFMS_SYSTEM_URI_PRIVATE - private URL to be used for OWFms";
+  echo "- OWFMS_SYSTEM_URI_PUBLIC - public URL to be used for OWFms";
+  echo "- OWFMS_S3_SECRET - secret key that is used for OWFms access to firmwares S3 bucket";
+  echo "- OWFMS_S3_KEY - access key that is used for OWFms access to firmwares S3 bucket";
+  echo;
+#  echo "- OWPROV_SYSTEM_URI_PRIVATE - private URL to be used for OWProv";
+  echo "- OWPROV_SYSTEM_URI_PUBLIC - public URL to be used for OWProv";
+}
+
+# Check if required environment variables were passed
+## Configuration variables applying to multiple microservices
+[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
+[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
+[ -z ${RTTY_TOKEN+x} ] && echo "RTTY_TOKEN is unset" && usage && exit 1
+## Internal microservice hostnames
+#[ -z ${INTERNAL_OWGW_HOSTNAME+x} ] && echo "INTERNAL_OWGW_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWFMS_HOSTNAME+x} ] && echo "INTERNAL_OWFMS_HOSTNAME is unset" && usage && exit 1
+#[ -z ${INTERNAL_OWPROV_HOSTNAME+x} ] && echo "INTERNAL_OWPROV_HOSTNAME is unset" && usage && exit 1
+## OWGW configuration variables
+[ -z ${OWGW_FILEUPLOADER_HOST_NAME+x} ] && echo "OWGW_FILEUPLOADER_HOST_NAME is unset" && usage && exit 1
+[ -z ${OWGW_FILEUPLOADER_URI+x} ] && echo "OWGW_FILEUPLOADER_URI is unset" && usage && exit 1
+#[ -z ${OWGW_SYSTEM_URI_PRIVATE+x} ] && echo "OWGW_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWGW_SYSTEM_URI_PUBLIC+x} ] && echo "OWGW_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+[ -z ${OWGW_RTTY_SERVER+x} ] && echo "OWGW_RTTY_SERVER is unset" && usage && exit 1
+## OWSec configuration variables
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
+#[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## OWFms configuration variables
+#[ -z ${OWFMS_SYSTEM_URI_PRIVATE+x} ] && echo "OWFMS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWFMS_SYSTEM_URI_PUBLIC+x} ] && echo "OWFMS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+[ -z ${OWFMS_S3_SECRET+x} ] && echo "OWFMS_S3_SECRET is unset" && usage && exit 1
+[ -z ${OWFMS_S3_KEY+x} ] && echo "OWFMS_S3_KEY is unset" && usage && exit 1
+## OWProv configuration variables
+#[ -z ${OWPROV_SYSTEM_URI_PRIVATE+x} ] && echo "OWPROV_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWPROV_SYSTEM_URI_PUBLIC+x} ] && echo "OWPROV_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+
+# Search and replace image version tags if set
+if [[ ! -z "$OWGW_VERSION" ]]; then
+  sed -i "s~.*OWGW_TAG=.*~OWGW_TAG=$OWGW_VERSION~" .env
+fi
+if [[ ! -z "$OWSEC_VERSION" ]]; then
+  sed -i "s~.*OWSEC_TAG=.*~OWSEC_TAG=$OWSEC_VERSION~" .env
+fi
+if [[ ! -z "$OWFMS_VERSION" ]]; then
+  sed -i "s~.*OWFMS_TAG=.*~OWFMS_TAG=$OWFMS_VERSION~" .env
+fi
+if [[ ! -z "$OWPROV_VERSION" ]]; then
+  sed -i "s~.*OWPROV_TAG=.*~OWPROV_TAG=$OWPROV_VERSION~" .env
+fi
+
+# Search and replace variable values in env files
+#sed -i "s~\(^INTERNAL_OWGW_HOSTNAME=\).*~\1$INTERNAL_OWGW_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWFMS_HOSTNAME=\).*~\1$INTERNAL_OWFMS_HOSTNAME~" .env
+#sed -i "s~\(^INTERNAL_OWPROV_HOSTNAME=\).*~\1$INTERNAL_OWPROV_HOSTNAME~" .env
+
+sed -i "s~.*FILEUPLOADER_HOST_NAME=.*~FILEUPLOADER_HOST_NAME=$OWGW_FILEUPLOADER_HOST_NAME~" owgw.env
+sed -i "s~.*FILEUPLOADER_URI=.*~FILEUPLOADER_URI=$OWGW_FILEUPLOADER_URI~" owgw.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWGW_SYSTEM_URI_PUBLIC~" owgw.env
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWGW_SYSTEM_URI_PRIVATE~" owgw.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owgw.env
+sed -i "s~.*RTTY_SERVER=.*~RTTY_SERVER=$OWGW_RTTY_SERVER~" owgw.env
+sed -i "s~.*RTTY_TOKEN=.*~RTTY_TOKEN=$RTTY_TOKEN~" owgw.env
+
+if [[ ! -z "$SIMULATORID" ]]; then
+  sed -i "s~.*SIMULATORID=.*~SIMULATORID=$SIMULATORID~" owgw.env
+fi
+
+sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owgw-ui.env
+
+sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owsec.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWFMS_SYSTEM_URI_PRIVATE~" owfms.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWFMS_SYSTEM_URI_PUBLIC~" owfms.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owfms.env
+sed -i "s~.*S3_SECRET=.*~S3_SECRET=$OWFMS_S3_SECRET~" owfms.env
+sed -i "s~.*S3_KEY=.*~S3_KEY=$OWFMS_S3_KEY~" owfms.env
+
+#sed -i "s~.*SYSTEM_URI_PRIVATE=.*~SYSTEM_URI_PRIVATE=$OWPROV_SYSTEM_URI_PRIVATE~" owprov.env
+sed -i "s~.*SYSTEM_URI_PUBLIC=.*~SYSTEM_URI_PUBLIC=$OWPROV_SYSTEM_URI_PUBLIC~" owprov.env
+sed -i "s~.*SYSTEM_URI_UI=.*~SYSTEM_URI_UI=$SYSTEM_URI_UI~" owprov.env
+
+sed -i "s~.*DEFAULT_UCENTRALSEC_URL=.*~DEFAULT_UCENTRALSEC_URL=$DEFAULT_UCENTRALSEC_URL~" owprov-ui.env
+
+sed -i "s~\(^token:\).*~\1 $RTTY_TOKEN~" rttys/rttys.conf
+
+# Run the deployment
+docker-compose up -d

docker-compose/docker-compose.lb.letsencrypt.yml

@@ -0,0 +1,187 @@
+version: '3'
+
+volumes:
+  owgw_data:
+    driver: local
+  owsec_data:
+    driver: local
+  owfms_data:
+    driver: local
+  owprov_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+  letsencrypt_certs:
+    driver: local
+
+networks:
+  openwifi:
+
+services:
+  owgw:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGW_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owgw.env
+    depends_on:
+      - kafka
+      - rttys
+    restart: unless-stopped
+    volumes:
+      - owgw_data:${OWGW_ROOT}/persist
+      - ./certs:/${OWGW_ROOT}/certs
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
+
+  owgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGWUI_HOSTNAME}
+    env_file:
+      - owgw-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsec_data:${OWSEC_ROOT}/persist
+      - ./certs:/${OWSEC_ROOT}/certs
+
+  owfms:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWFMS_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owfms.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owfms_data:${OWFMS_ROOT}/persist
+      - ./certs:/${OWFMS_ROOT}/certs
+
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - .env.letsencrypt
+      - owprov.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owprov_data:${OWPROV_ROOT}
+      - ./certs:/${OWPROV_ROOT}/certs
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROVUI_HOSTNAME}
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  rttys:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_RTTYS_HOSTNAME}
+    restart: unless-stopped
+    volumes:
+      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
+      - "./rttys/rttys_letsencrypt.conf:/rttys/rttys.conf"
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka
+
+  traefik:
+    image: "traefik:${TRAEFIK_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - .env.letsencrypt
+      - traefik.env
+    depends_on:
+      - owsec
+      - owgw
+      - owgw-ui
+      - owfms
+      - owprov
+      - owprov-ui
+      - rttys
+    restart: unless-stopped
+    volumes:
+      - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
+      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
+      - "letsencrypt_certs:/letsencrypt"
+    ports:
+      - "15002:15002"
+      - "16002:16002"
+      - "16003:16003"
+      - "80:80"
+      - "443:443"
+      - "16001:16001"
+      - "16004:16004"
+      - "16005:16005"
+      - "5912:5912"
+      - "5913:5913"

docker-compose/docker-compose.lb.selfsigned.yml

@@ -0,0 +1,189 @@
+version: '3'
+
+volumes:
+  owgw_data:
+    driver: local
+  owsec_data:
+    driver: local
+  owfms_data:
+    driver: local
+  owprov_data:
+    driver: local
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+
+networks:
+  openwifi:
+
+services:
+  owgw:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw:${OWGW_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGW_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owgw.env
+    depends_on:
+      - kafka
+      - rttys
+    restart: unless-stopped
+    volumes:
+      - owgw_data:${OWGW_ROOT}/persist
+      - ./certs:/${OWGW_ROOT}/certs
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
+
+  owgw-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
+    env_file: 
+      - owgw-ui.env
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWGWUI_HOSTNAME}
+    env_file:
+      - owgw-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owsec_data:${OWSEC_ROOT}/persist
+      - ./certs:/${OWSEC_ROOT}/certs
+
+  owfms:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWFMS_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owfms.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owfms_data:${OWFMS_ROOT}/persist
+      - ./certs:/${OWFMS_ROOT}/certs
+
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - .env.selfsigned
+      - owprov.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - owprov_data:${OWPROV_ROOT}
+      - ./certs:/${OWPROV_ROOT}/certs
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_OWPROVUI_HOSTNAME}
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+
+  rttys:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+    networks:
+      openwifi:
+        aliases:
+          - ${INTERNAL_RTTYS_HOSTNAME}
+    restart: unless-stopped
+    volumes:
+      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
+      - "./rttys/rttys.conf:/rttys/rttys.conf"
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      openwifi:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka
+
+  traefik:
+    image: "traefik:${TRAEFIK_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - traefik.env
+    depends_on:
+      - owsec
+      - owgw
+      - owgw-ui
+      - owfms
+      - owprov
+      - owprov-ui
+      - rttys
+    restart: unless-stopped
+    volumes:
+      - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
+      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
+      - "./certs/restapi-cert.pem:/certs/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/certs/restapi-key.pem"
+    ports:
+      - "15002:15002"
+      - "16002:16002"
+      - "16003:16003"
+      - "80:80"
+      - "8080:8080"
+      - "443:443"
+      - "8443:8443"
+      - "16001:16001"
+      - "16004:16004"
+      - "16005:16005"
+      - "5912:5912"
+      - "5913:5913"

docker-compose/docker-compose.letsencrypt.yml

@@ -1,30 +0,0 @@
-version: '3'
-
-volumes:
-  letsencrypt_certs:
-    driver: local
-
-services:
-  owgw:
-    env_file:
-      - .env.letsencrypt
-
-  owsec:
-    env_file:
-      - .env.letsencrypt
-
-  owfms:
-    env_file:
-      - .env.letsencrypt
-
-  rttys:
-    volumes:
-      - "./rttys/rttys_letsencrypt.conf:/rttys/rttys.conf"
-
-  traefik:
-    env_file:
-      - .env.letsencrypt
-    volumes:
-      - "./traefik/openwifi_letsencrypt.yaml:/etc/traefik/openwifi.yaml"
-      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
-      - "letsencrypt_certs:/letsencrypt"

docker-compose/docker-compose.postgresql.yml

@@ -0,0 +1,37 @@
+version: '3'
+
+volumes:
+  postgresql_data:
+    driver: local
+
+services:
+  owgw:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owgw"]
+
+  owsec:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owsec"]
+
+  owfms:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owfms"]
+
+  owprov:
+    depends_on:
+      - postgresql
+    command: ["./wait-for-postgres.sh", "postgresql", "/openwifi/owprov"]
+
+  postgresql:
+    image: "postgres:${POSTGRESQL_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - postgresql.env
+    restart: unless-stopped
+    volumes:
+      - postgresql_data:/var/lib/postgresql/data
+      - ./postgresql/init-db.sh:/docker-entrypoint-initdb.d/init-db.sh

docker-compose/docker-compose.selfsigned.yml

@@ -1,27 +0,0 @@
-version: '3'
-
-services:
-  owgw:
-    env_file:
-      - .env.selfsigned
-
-  owsec:
-    env_file:
-      - .env.selfsigned
-
-  owfms:
-    env_file:
-      - .env.selfsigned
-
-  rttys:
-    volumes:
-      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
-      - "./rttys/rttys_selfsigned.conf:/rttys/rttys.conf"
-
-  traefik:
-    volumes:
-      - "./traefik/openwifi_selfsigned.yaml:/etc/traefik/openwifi.yaml"
-      - "./certs/restapi-ca.pem:/certs/restapi-ca.pem"
-      - "./certs/restapi-cert.pem:/certs/restapi-cert.pem"
-      - "./certs/restapi-key.pem:/certs/restapi-key.pem"

docker-compose/docker-compose.yml

@@ -1,12 +1,6 @@
 version: '3'
 
 volumes:
-  owgw_data:
-    driver: local
-  owsec_data:
-    driver: local
-  owfms_data:
-    driver: local
   zookeeper_data:
     driver: local
   zookeeper_datalog:
@@ -31,22 +25,37 @@ services:
       - rttys
     restart: unless-stopped
     volumes:
-      - owgw_data:${OWGW_ROOT}/persist
-      - ./certs:/${OWGW_ROOT}/certs
+      - "./owgw_data:${OWGW_ROOT}"
+      - "./certs:/${OWGW_ROOT}/certs"
+    ports:
+      - "15002:15002"
+      - "16002:16002"
+      - "16102:16102"
+      - "16003:16003"
+    sysctls:
+      - net.ipv4.tcp_keepalive_intvl=5
+      - net.ipv4.tcp_keepalive_probes=2
+      - net.ipv4.tcp_keepalive_time=45
 
   owgw-ui:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owgw-ui:${OWGWUI_TAG}"
     networks:
       openwifi:
-        aliases:
-          - ${INTERNAL_OWGWUI_HOSTNAME}
     env_file:
       - owgw-ui.env
     depends_on:
       - owsec
       - owgw
       - owfms
+      - owprov
     restart: unless-stopped
+    volumes:
+      - "./owgw-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "./certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "80:80"
+      - "443:443"
 
   owsec:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
@@ -60,8 +69,11 @@ services:
       - kafka
     restart: unless-stopped
     volumes:
-      - owsec_data:${OWSEC_ROOT}/persist
-      - ./certs:/${OWSEC_ROOT}/certs
+      - "./owsec_data:${OWSEC_ROOT}"
+      - "./certs:/${OWSEC_ROOT}/certs"
+    ports:
+      - "16001:16001"
+      - "16101:16101"
 
   owfms:
     image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owfms:${OWFMS_TAG}"
@@ -75,16 +87,62 @@ services:
       - kafka
     restart: unless-stopped
     volumes:
-      - owfms_data:${OWFMS_ROOT}/persist
-      - ./certs:/${OWFMS_ROOT}/certs
+      - "./owfms_data:${OWFMS_ROOT}"
+      - "./certs:/${OWFMS_ROOT}/certs"
+    ports:
+      - "16004:16004"
+      - "16104:16104"
 
-  rttys:
-    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+  owprov:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov:${OWPROV_TAG}"
     networks:
       openwifi:
         aliases:
-          - ${INTERNAL_RTTYS_HOSTNAME}
+          - ${INTERNAL_OWPROV_HOSTNAME}
+    env_file:
+      - owprov.env
+    depends_on:
+      - kafka
     restart: unless-stopped
+    volumes:
+      - "./owprov_data:${OWPROV_ROOT}"
+      - "./certs:/${OWPROV_ROOT}/certs"
+    ports:
+      - "16005:16005"
+      - "16105:16105"
+
+  owprov-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owprov-ui:${OWPROVUI_TAG}"
+    networks:
+      openwifi:
+    env_file:
+      - owprov-ui.env
+    depends_on:
+      - owsec
+      - owgw
+      - owfms
+      - owprov
+    restart: unless-stopped
+    volumes:
+      - "./owprov-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "./certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "8080:8080"
+      - "8443:8443"
+
+  rttys:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/rttys:${RTTYS_TAG}"
+    restart: unless-stopped
+    networks:
+      openwifi:
+    volumes:
+      - "./certs/restapi-cert.pem:/etc/rttys/restapi-cert.pem"
+      - "./certs/restapi-key.pem:/etc/rttys/restapi-key.pem"
+      - "./rttys/rttys.conf:/rttys/rttys.conf"
+    ports:
+      - "5912:5912"
+      - "5913:5913"
 
   zookeeper:
     image: "zookeeper:${ZOOKEEPER_TAG}"
@@ -106,27 +164,3 @@ services:
       - zookeeper
     volumes:
       - kafka_data:/bitnami/kafka
-
-  traefik:
-    image: "traefik:${TRAEFIK_TAG}"
-    networks:
-      openwifi:
-    env_file:
-      - traefik.env
-    depends_on:
-      - owsec
-      - owgw
-      - owgw-ui
-      - owfms
-      - rttys
-    restart: unless-stopped
-    ports:
-      - "15002:15002"
-      - "16002:16002"
-      - "16003:16003"
-      - "80:80"
-      - "443:443"
-      - "16001:16001"
-      - "16004:16004"
-      - "5912:5912"
-      - "5913:5913"

docker-compose/owfms.env

@@ -1,9 +1,41 @@
 RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true
+
+OWFMS_ROOT=/owfms-data
+OWFMS_CONFIG=/owfms-data
+
+#RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16004
+#RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWFMS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17004
+#INTERNAL_RESTAPI_HOST_CERT=$OWFMS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#SERVICE_KEY=$OWFMS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
 SYSTEM_DATA=$OWFMS_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owfms.wlan.local:17004
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16004
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#S3_BUCKETNAME=ucentral-ap-firmware
+#S3_REGION=us-east-1
 S3_SECRET=b0S6EiR5RLIxoe7Xvz9YXPPdxQCoZ6ze37qunTAI
 S3_KEY=AKIAUG47UZG7R6SRLD7F
+#S3_BUCKET_URI=ucentral-ap-firmware.s3.amazonaws.com
+#KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owfms
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owfms
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owfms
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owfms
+#STORAGE_TYPE_MYSQL_PASSWORD=owfms
+#STORAGE_TYPE_MYSQL_DATABASE=owfms
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owgw-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       80;
+    listen  [::]:80;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owgw.env

@@ -1,12 +1,59 @@
 RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true
+
+OWGW_ROOT=/owgw-data
+OWGW_CONFIG=/owgw-data
+
+#WEBSOCKET_HOST_ROOTCA=$OWGW_ROOT/certs/root.pem
+#WEBSOCKET_HOST_ISSUER=$OWGW_ROOT/certs/issuer.pem
+#WEBSOCKET_HOST_CERT=$OWGW_ROOT/certs/websocket-cert.pem
+#WEBSOCKET_HOST_KEY=$OWGW_ROOT/certs/websocket-key.pem
+#WEBSOCKET_HOST_CLIENTCAS=$OWGW_ROOT/certs/clientcas.pem
+#WEBSOCKET_HOST_CAS=$OWGW_ROOT/certs/cas
+#WEBSOCKET_HOST_PORT=15002
+#WEBSOCKET_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16002
+#RESTAPI_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17002
+#INTERNAL_RESTAPI_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FILEUPLOADER_HOST_ROOTCA=$OWGW_ROOT/certs/restapi-ca.pem
 FILEUPLOADER_HOST_NAME=openwifi.wlan.local
+#FILEUPLOADER_HOST_PORT=16003
+#FILEUPLOADER_HOST_CERT=$OWGW_ROOT/certs/restapi-cert.pem
+#FILEUPLOADER_HOST_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#FILEUPLOADER_HOST_KEY_PASSWORD=mypassword
 FILEUPLOADER_PATH=$OWGW_ROOT/persist/uploads
 FILEUPLOADER_URI=https://openwifi.wlan.local:16003
+#SERVICE_KEY=$OWGW_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
 SYSTEM_DATA=$OWGW_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owgw.wlan.local:17002
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16002
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SIMULATORID=
 RTTY_ENABLED=true
 RTTY_SERVER=openwifi.wlan.local
+#RTTY_PORT=5912
+#RTTY_TOKEN=96181c567b4d0d98c50f127230068fa8
+#RTTY_TIMEOUT=60
+#RTTY_VIEWPORT=5913
+#KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owgw
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owgw
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owgw
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owgw
+#STORAGE_TYPE_MYSQL_PASSWORD=owgw
+#STORAGE_TYPE_MYSQL_DATABASE=owgw
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owls/.env

@@ -0,0 +1,17 @@
+# Image tags
+COMPOSE_PROJECT_NAME=owls
+OWSEC_TAG=main
+OWLS_TAG=main
+OWLSUI_TAG=master
+KAFKA_TAG=latest
+ZOOKEEPER_TAG=latest
+
+# Microservice root/config directories
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+OWLS_ROOT=/owls-data
+OWLS_CONFIG=/owls-data
+
+# Microservice hostnames
+INTERNAL_OWSEC_HOSTNAME=owsec.wlan.local
+INTERNAL_OWLS_HOSTNAME=owls.wlan.local

docker-compose/owls/README.md

@@ -0,0 +1,16 @@
+# OpenWifi OWLS Docker Compose
+## Deployment with self-signed certificates
+To run a load simulation you need to generate a specific Digicert-signed AP certificate which will be used to connect to the gateway. The certificate serial number has to start with the digits `53494d` since otherwise the gateway won't allow a load simulation. The rest of the serial number and the specified redirector URL can be chosen randomly. You only need to generate one AP certificate for your simulations.  
+Be aware that since the OWLS deployment partly exposes the same ports on the host as the OpenWifi deployment, it is not intended that both run on the same host.
+1. Copy or move your AP load simulation certificate into the `docker-compose/certs` directory. Don't forget to name the files `device-cert.pem` and `device-key.pem` or adapt the path names in the OWLS configuration if you're using different file names.
+2. To be able to run load simulation tests against your OpenWifi SDK deployment, you'll have to [add the serial number of your generated AP certificate to the gateway configuration](https://github.com/Telecominfraproject/wlan-cloud-owls#prepare-your-openwifi-gateway). You can do that by either editing [owgw.env](../owgw.env) or doing the changes directly in your OWGW configuration file if it is exposed on your Docker host.
+3. Switch into the project directory with `cd docker-compose/owls`.
+4. Add an entry for `openwifi-owls.wlan.local` in your hosts file which points to `127.0.0.1` or whatever the IP of the host running the OWLS deployment is.
+5. Spin up the deployment with `docker-compose up -d`.
+6. Check if the containers are up and running with `docker-compose ps`.
+7. Add SSL certificate exceptions in your browser by visiting https://openwifi-owls.wlan.local:16001 and https://openwifi-owls.wlan.local:16007.
+8. If you're using an OpenWifi deployment with self-signed certificates, you'll have to add a custom hosts entry for `openwifi.wlan.local` on the machine running the OWLS deployment pointing to the remote IP of your OpenWifi host.
+9. Login to the UI by visiting https://openwifi-owls.wlan.local and follow the instructions to change your default password.
+10. In the Simulation tab, click on the + sign on the right side to add a load simulation.
+11. Fill out the required fields. MAC prefix is used for the MAC addresses of the simulated devices, so you can use any six-digit hexadecimal number. Specify the remote address of your OpenWifi gateway in the Gateway field, for example `https://openwifi.wlan.local:15002`. Adapt the rest of the settings according to your needs.
+12. Click on the floppy disk icon to save your load simulation. You can run it by clicking the play symbol in the table view.

docker-compose/owls/deploy_owls.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+set -e
+
+# Usage function
+usage () {
+  echo;
+  echo "This script is intended for OpenWifi OWLS deployment using Docker Compose (https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy/tree/main/docker-compose) in a Kubernetes pod";
+  echo;
+  echo "Required environment variables:"
+  echo;
+  echo "- DEPLOY_VERSION - version of the wlan-cloud-ucentral-deploy repo to be used";
+  echo;
+  echo "- DEFAULT_UCENTRALSEC_URL - public URL of the OWSec service"
+  echo "- SYSTEM_URI_UI - public URL of the OWGW-UI service"
+  echo;
+  echo "- INTERNAL_OWSEC_HOSTNAME - OWSec microservice hostname for Docker internal communication"
+  echo;
+  echo "- OWSEC_SYSTEM_URI_PRIVATE - private URL to be used for OWSec";
+  echo "- OWSEC_SYSTEM_URI_PUBLIC - public URL to be used for OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_USERNAME - username to be used for requests to OWSec";
+  echo "- OWSEC_AUTHENTICATION_DEFAULT_PASSWORD - hashed password for OWSec (details on this may be found in https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationdefaultpassword)";
+  echo;
+  echo "- OWLS_SYSTEM_URI_PRIVATE - private URL to be used for OWLS";
+  echo "- OWLS_SYSTEM_URI_PUBLIC - public URL to be used for OWLS";
+  echo;
+  echo "- DEVICE_CERT - path to the device certificate";
+  echo "- DEVICE_KEY - path to the device key";
+}
+
+# Check if required environment variables were passed
+## Deployment specifics
+[ -z ${DEPLOY_VERSION+x} ] && echo "DEPLOY_VERSION is unset" && usage && exit 1
+## Configuration variables applying to multiple microservices
+[ -z ${DEFAULT_UCENTRALSEC_URL+x} ] && echo "DEFAULT_UCENTRALSEC_URL is unset" && usage && exit 1
+[ -z ${SYSTEM_URI_UI+x} ] && echo "SYSTEM_URI_UI is unset" && usage && exit 1
+## Internal microservice hostnames
+[ -z ${INTERNAL_OWSEC_HOSTNAME+x} ] && echo "INTERNAL_OWSEC_HOSTNAME is unset" && usage && exit 1
+## OWSec configuration variables
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_USERNAME+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_USERNAME is unset" && usage && exit 1
+[ -z ${OWSEC_AUTHENTICATION_DEFAULT_PASSWORD+x} ] && echo "OWSEC_AUTHENTICATION_DEFAULT_PASSWORD is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PRIVATE+x} ] && echo "OWSEC_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWSEC_SYSTEM_URI_PUBLIC+x} ] && echo "OWSEC_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+# OWLS configuration variables
+[ -z ${OWLS_SYSTEM_URI_PRIVATE+x} ] && echo "OWLS_SYSTEM_URI_PRIVATE is unset" && usage && exit 1
+[ -z ${OWLS_SYSTEM_URI_PUBLIC+x} ] && echo "OWLS_SYSTEM_URI_PUBLIC is unset" && usage && exit 1
+## cert related variables
+[ -z ${DEVICE_CERT+x} ] && echo "DEVICE_CERT is unset" && usage && exit 1
+[ -z ${DEVICE_KEY+x} ] && echo "DEVICE_KEY is unset" && usage && exit 1
+
+# Clone repo and copy certificates
+mkdir wlan-cloud-ucentral-deploy-tmp
+git clone --branch $DEPLOY_VERSION https://github.com/Telecominfraproject/wlan-cloud-ucentral-deploy.git /wlan-cloud-ucentral-deploy-tmp 
+mv -f /wlan-cloud-ucentral-deploy-tmp/* /wlan-cloud-ucentral-deploy/ && rm -r wlan-cloud-ucentral-deploy-tmp
+cd wlan-cloud-ucentral-deploy/docker-compose/owls
+
+# Search and replace variable values in env files
+sed -i "s~\(^INTERNAL_OWSEC_HOSTNAME=\).*~\1$INTERNAL_OWSEC_HOSTNAME~" .env
+sed -i "s~\(^INTERNAL_OWLS_HOSTNAME=\).*~\1$INTERNAL_OWLS_HOSTNAME~" .env
+
+sed -i "s~\(^DEFAULT_UCENTRALSEC_URL=\).*~\1$DEFAULT_UCENTRALSEC_URL~" owls-ui.env
+
+sed -i "s~.*AUTHENTICATION_DEFAULT_USERNAME=.*~AUTHENTICATION_DEFAULT_USERNAME=$OWSEC_AUTHENTICATION_DEFAULT_USERNAME~" owsec.env
+sed -i "s~.*AUTHENTICATION_DEFAULT_PASSWORD=.*~AUTHENTICATION_DEFAULT_PASSWORD=$OWSEC_AUTHENTICATION_DEFAULT_PASSWORD~" owsec.env
+sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWSEC_SYSTEM_URI_PRIVATE~" owsec.env
+sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWSEC_SYSTEM_URI_PUBLIC~" owsec.env
+sed -i "s~\(^SYSTEM_URI_UI=\).*~\1$SYSTEM_URI_UI~" owsec.env
+
+sed -i "s~\(^SYSTEM_URI_PRIVATE=\).*~\1$OWLS_SYSTEM_URI_PRIVATE~" owls.env
+sed -i "s~\(^SYSTEM_URI_PUBLIC=\).*~\1$OWLS_SYSTEM_URI_PUBLIC~" owls.env
+
+# Run the deployment and attach to logs
+cat $DEVICE_CERT > ../certs/device-cert.pem
+cat $DEVICE_KEY > ../certs/device-key.pem
+exec docker-compose up --attach-dependencies

docker-compose/owls/docker-compose.yml

@@ -0,0 +1,89 @@
+version: '3'
+
+volumes:
+  zookeeper_data:
+    driver: local
+  zookeeper_datalog:
+    driver: local
+  kafka_data:
+    driver: local
+
+networks:
+  owls:
+
+services:
+  owsec:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owsec:${OWSEC_TAG}"
+    networks:
+      owls:
+        aliases:
+          - ${INTERNAL_OWSEC_HOSTNAME}
+    env_file:
+      - owsec.env
+    depends_on:
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owsec_data:${OWSEC_ROOT}"
+      - "../certs:/${OWSEC_ROOT}/certs"
+    ports:
+      - "16001:16001"
+      - "16101:16101"
+
+  owls:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls:${OWLS_TAG}"
+    networks:
+      owls:
+        aliases:
+          - ${INTERNAL_OWLS_HOSTNAME}
+    env_file:
+      - owls.env
+    depends_on:
+      - owsec
+      - kafka
+    restart: unless-stopped
+    volumes:
+      - "./owls_data:${OWLS_ROOT}"
+      - "../certs:/${OWLS_ROOT}/certs"
+    ports:
+      - "16007:16007"
+      - "16107:16107"
+
+  owls-ui:
+    image: "tip-tip-wlan-cloud-ucentral.jfrog.io/owls-ui:${OWLSUI_TAG}"
+    networks:
+      owls:
+    env_file:
+      - owls-ui.env
+    depends_on:
+      - owsec
+      - owls
+    restart: unless-stopped
+    volumes:
+      - "./owls-ui/default.conf:/etc/nginx/conf.d/default.conf"
+      - "../certs/restapi-cert.pem:/etc/nginx/restapi-cert.pem"
+      - "../certs/restapi-key.pem:/etc/nginx/restapi-key.pem"
+    ports:
+      - "80:80"
+      - "443:443"
+
+  zookeeper:
+    image: "zookeeper:${ZOOKEEPER_TAG}"
+    networks:
+      owls:
+    restart: unless-stopped
+    volumes:
+      - zookeeper_data:/data
+      - zookeeper_datalog:/datalog
+
+  kafka:
+    image: "docker.io/bitnami/kafka:${KAFKA_TAG}"
+    networks:
+      owls:
+    env_file:
+      - kafka.env
+    restart: unless-stopped
+    depends_on:
+      - zookeeper
+    volumes:
+      - kafka_data:/bitnami/kafka

docker-compose/owls/kafka.env

@@ -0,0 +1,2 @@
+KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
+ALLOW_PLAINTEXT_LISTENER=yes

docker-compose/owls/owls-ui.env

@@ -0,0 +1,2 @@
+DEFAULT_UCENTRALSEC_URL=https://openwifi-owls.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owls/owls-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       80;
+    listen  [::]:80;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owls/owls.env

@@ -0,0 +1,43 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWLS_ROOT=/owls-data
+OWLS_CONFIG=/owls-data
+
+#ROOTCA=$OWLS_ROOT/certs/root.pem
+#ISSUER=$OWLS_ROOT/certs/issuer.pem
+#CERT=$OWLS_ROOT/certs/device-cert.pem
+#KEY=$OWLS_ROOT/certs/device-key.pem
+#CLIENTCAS=$OWLS_ROOT/certs/clientcas.pem
+#CAS=$OWLS_ROOT/certs/cas
+#KEY_PASSWORD=mypassword
+#RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16007
+#RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWLS_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17007
+#INTERNAL_RESTAPI_HOST_CERT=$OWLS_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#SERVICE_KEY=$OWLS_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWLS_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owls.wlan.local:17007
+SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16007
+SYSTEM_URI_UI=https://openwifi-owls.wlan.local
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owls
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owls
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owls
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owls
+#STORAGE_TYPE_MYSQL_PASSWORD=owls
+#STORAGE_TYPE_MYSQL_DATABASE=owls
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owls/owsec.env

@@ -0,0 +1,47 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+
+#RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16001
+#RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_WWWASSETS=$OWSEC_ROOT/wwwassets
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17001
+#INTERNAL_RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#AUTHENTICATION_DEFAULT_USERNAME=tip@ucentral.com
+#AUTHENTICATION_DEFAULT_PASSWORD=13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
+SYSTEM_DATA=$OWSEC_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
+SYSTEM_URI_PUBLIC=https://openwifi-owls.wlan.local:16001
+SYSTEM_URI_UI=https://openwifi-owls.wlan.local
+#SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+#MAILER_HOSTNAME=localhost
+#MAILER_USERNAME=************************
+#MAILER_PASSWORD=************************
+#MAILER_SENDER=OpenWIFI
+#MAILER_PORT=587
+#MAILER_TEMPLATES=$OWSEC_ROOT/templates
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
+#DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsec
+#STORAGE_TYPE_MYSQL_PASSWORD=owsec
+#STORAGE_TYPE_MYSQL_DATABASE=owsec
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owprov-ui.env

@@ -0,0 +1,2 @@
+DEFAULT_UCENTRALSEC_URL=https://openwifi.wlan.local:16001
+ALLOW_UCENTRALSEC_CHANGE=false

docker-compose/owprov-ui/default.conf

@@ -0,0 +1,32 @@
+server {
+    listen       8080;
+    listen  [::]:8080;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    return 301 https://$host:8443$request_uri;
+}
+
+server {
+    listen       8443 ssl;
+    listen       [::]:8443 ssl;
+
+    # Disable emitting nginx version
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/restapi-cert.pem;
+    ssl_certificate_key /etc/nginx/restapi-key.pem;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}

docker-compose/owprov.env

@@ -0,0 +1,38 @@
+RUN_CHOWN=true
+TEMPLATE_CONFIG=true
+SELFSIGNED_CERTS=true
+
+OWPROV_ROOT=/owprov-data
+OWPROV_CONFIG=/owprov-data
+
+#RESTAPI_HOST_ROOTCA=$OWPROV_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16005
+#RESTAPI_HOST_CERT=$OWPROV_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWPROV_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17005
+#INTERNAL_RESTAPI_HOST_CERT=$OWPROV_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#FIRMWARE_UPDATER_UPGRADE=yes
+#FIRMWARE_UPDATER_RCONLY=no
+#SERVICE_KEY=$OWPROV_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+SYSTEM_DATA=$OWPROV_ROOT/persist
+SYSTEM_URI_PRIVATE=https://owprov.wlan.local:17005
+SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16005
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#KAFKA_ENABLE=true
+KAFKA_BROKERLIST=kafka:9092
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owprov
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owprov
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owprov
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owprov
+#STORAGE_TYPE_MYSQL_PASSWORD=owprov
+#STORAGE_TYPE_MYSQL_DATABASE=owprov
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/owsec.env

@@ -1,7 +1,47 @@
 RUN_CHOWN=true
 TEMPLATE_CONFIG=true
 SELFSIGNED_CERTS=true
+
+OWSEC_ROOT=/owsec-data
+OWSEC_CONFIG=/owsec-data
+
+#RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#RESTAPI_HOST_PORT=16001
+#RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#RESTAPI_HOST_KEY_PASSWORD=mypassword
+#RESTAPI_WWWASSETS=$OWSEC_ROOT/wwwassets
+#INTERNAL_RESTAPI_HOST_ROOTCA=$OWSEC_ROOT/certs/restapi-ca.pem
+#INTERNAL_RESTAPI_HOST_PORT=17001
+#INTERNAL_RESTAPI_HOST_CERT=$OWSEC_ROOT/certs/restapi-cert.pem
+#INTERNAL_RESTAPI_HOST_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#INTERNAL_RESTAPI_HOST_KEY_PASSWORD=mypassword
+#AUTHENTICATION_DEFAULT_USERNAME=tip@ucentral.com
+#AUTHENTICATION_DEFAULT_PASSWORD=13268b7daa751240369d125e79c873bd8dd3bef7981bdfd38ea03dbb1fbe7dcf
 SYSTEM_DATA=$OWSEC_ROOT/persist
 SYSTEM_URI_PRIVATE=https://owsec.wlan.local:17001
 SYSTEM_URI_PUBLIC=https://openwifi.wlan.local:16001
+SYSTEM_URI_UI=https://openwifi.wlan.local
+#SERVICE_KEY=$OWSEC_ROOT/certs/restapi-key.pem
+#SERVICE_KEY_PASSWORD=mypassword
+#MAILER_HOSTNAME=localhost
+#MAILER_USERNAME=************************
+#MAILER_PASSWORD=************************
+#MAILER_SENDER=OpenWIFI
+#MAILER_PORT=587
+#MAILER_TEMPLATES=$OWSEC_ROOT/templates
+#KAFKA_ENABLE=true
 KAFKA_BROKERLIST=kafka:9092
+#DOCUMENT_POLICY_ACCESS=$OWSEC_ROOT/wwwassets/access_policy.html
+#DOCUMENT_POLICY_PASSWORD=$OWSEC_ROOT/wwwassets/password_policy.html
+#STORAGE_TYPE=sqlite
+#STORAGE_TYPE_POSTGRESQL_HOST=localhost
+#STORAGE_TYPE_POSTGRESQL_USERNAME=owsec
+#STORAGE_TYPE_POSTGRESQL_PASSWORD=owsec
+#STORAGE_TYPE_POSTGRESQL_DATABASE=owsec
+#STORAGE_TYPE_POSTGRESQL_PORT=5432
+#STORAGE_TYPE_MYSQL_HOST=localhost
+#STORAGE_TYPE_MYSQL_USERNAME=owsec
+#STORAGE_TYPE_MYSQL_PASSWORD=owsec
+#STORAGE_TYPE_MYSQL_DATABASE=owsec
+#STORAGE_TYPE_MYSQL_PORT=3306

docker-compose/postgresql.env

@@ -0,0 +1,14 @@
+POSTGRES_PASSWORD=postgres
+POSTGRES_USER=postgres
+OWGW_DB=owgw
+OWGW_DB_USER=owgw
+OWGW_DB_PASSWORD=owgw
+OWSEC_DB=owsec
+OWSEC_DB_USER=owsec
+OWSEC_DB_PASSWORD=owsec
+OWFMS_DB=owfms
+OWFMS_DB_USER=owfms
+OWFMS_DB_PASSWORD=owfms
+OWPROV_DB=owprov
+OWPROV_DB_USER=owprov
+OWPROV_DB_PASSWORD=owprov

docker-compose/postgresql/init-db.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER $OWGW_DB_USER WITH ENCRYPTED PASSWORD '$OWGW_DB_PASSWORD';
+    CREATE DATABASE $OWGW_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWGW_DB TO $OWGW_DB_USER;
+    CREATE USER $OWSEC_DB_USER WITH ENCRYPTED PASSWORD '$OWSEC_DB_PASSWORD';
+    CREATE DATABASE $OWSEC_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWSEC_DB TO $OWSEC_DB_USER;
+    CREATE USER $OWFMS_DB_USER WITH ENCRYPTED PASSWORD '$OWFMS_DB_PASSWORD';
+    CREATE DATABASE $OWFMS_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWFMS_DB TO $OWFMS_DB_USER;
+    CREATE USER $OWPROV_DB_USER WITH ENCRYPTED PASSWORD '$OWPROV_DB_PASSWORD';
+    CREATE DATABASE $OWPROV_DB;
+    GRANT ALL PRIVILEGES ON DATABASE $OWPROV_DB TO $OWPROV_DB_USER;
+EOSQL

docker-compose/traefik.env

@@ -3,9 +3,13 @@ TRAEFIK_ENTRYPOINTS_OWGWRESTAPI_ADDRESS=:16002
 TRAEFIK_ENTRYPOINTS_OWGWFILEUPLOAD_ADDRESS=:16003
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_ADDRESS=:80
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owgwuihttps
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_ADDRESS=:8080
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTP_HTTP_REDIRECTIONS_ENTRYPOINT_TO=owprovuihttps
 TRAEFIK_ENTRYPOINTS_OWGWUIHTTPS_ADDRESS=:443
+TRAEFIK_ENTRYPOINTS_OWPROVUIHTTPS_ADDRESS=:8443
 TRAEFIK_ENTRYPOINTS_OWSECRESTAPI_ADDRESS=:16001
 TRAEFIK_ENTRYPOINTS_OWFMSRESTAPI_ADDRESS=:16004
+TRAEFIK_ENTRYPOINTS_OWPROVRESTAPI_ADDRESS=:16005
 TRAEFIK_ENTRYPOINTS_RTTYSDEV_ADDRESS=:5912
 TRAEFIK_ENTRYPOINTS_RTTYSUSER_ADDRESS=:5913
 TRAEFIK_PROVIDERS_FILE_FILENAME=/etc/traefik/openwifi.yaml

docker-compose/traefik/openwifi_letsencrypt.yaml

@@ -20,6 +20,14 @@ http:
       loadBalancer:
         servers:
           - url: "https://owfms.wlan.local:16004/"
+    owprov-restapi:
+      loadBalancer:
+        servers:
+          - url: "https://owprov.wlan.local:16005/"
+    owprov-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owprov-ui.wlan.local:80/"
     rttys-user:
       loadBalancer:
         servers:
@@ -60,6 +68,22 @@ http:
       rule: "Host(`{{env "OWFMS_HOSTNAME"}}`)"
       tls:
         certResolver: "openwifi"
+    owprov-restapi:
+      entryPoints: "owprovrestapi"
+      service: "owprov-restapi"
+      rule: "Host(`{{env "OWPROV_HOSTNAME"}}`)"
+      tls:
+        certResolver: "openwifi"
+    owprov-ui-http:
+      entryPoints: "owgwuihttp"
+      service: "owprov-ui"
+      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+    owprov-ui-https:
+      entryPoints: "owgwuihttps"
+      service: "owprov-ui"
+      rule: "Host(`{{ env "OWPROVUI_HOSTNAME" }}`)"
+      tls:
+        certResolver: "openwifi"
     rttys-user:
       entryPoints: "rttysuser"
       service: "rttys-user"

docker-compose/traefik/openwifi_selfsigned.yaml

@@ -10,6 +10,11 @@ http:
         servers:
           - url: "http://owgw-ui.wlan.local:80/"
 
+    owprov-ui:
+      loadBalancer:
+        servers:
+          - url: "http://owprov-ui.wlan.local:80/"
+
   routers:
     owgw-ui-http:
       entryPoints: "owgwuihttp"
@@ -22,6 +27,17 @@ http:
       rule: "PathPrefix(`/`)"
       tls: {}
 
+    owprov-ui-http:
+      entryPoints: "owprovuihttp"
+      service: "owprov-ui"
+      rule: "PathPrefix(`/`)"
+
+    owprov-ui-https:
+      entryPoints: "owprovuihttps"
+      service: "owprov-ui"
+      rule: "PathPrefix(`/`)"
+      tls: {}
+
 tcp:
   services:
     owgw-websocket:
@@ -44,6 +60,10 @@ tcp:
       loadBalancer:
         servers:
           - address: "owfms.wlan.local:16004"
+    owprov-restapi:
+      loadBalancer:
+        servers:
+          - address: "owprov.wlan.local:16005"
     rttys-dev:
       loadBalancer:
         servers:
@@ -84,6 +104,12 @@ tcp:
       rule: "HostSNI(`*`)"
       tls:
         passthrough: true
+    owprov-restapi:
+      entryPoints: "owprovrestapi"
+      service: "owprov-restapi"
+      rule: "HostSNI(`*`)"
+      tls:
+        passthrough: true
     rttys-dev:
       entryPoints: "rttysdev"
       service: "rttys-dev"